Re: Needle in a haystack--or is this just stupid?

Date: 07/04/05

Date: Mon, 04 Jul 2005 13:08:16 +1000

Joseph Ashwood wrote:
> <Crypto@S.M.S> wrote in message
>>CryptoSMS uses Blowfish on top of ARC4 on top of
>>triple IDEA (all with independent keys, IV, nonce).
>>What are the flaws in these ciphers?
> Blowfish has several partial attacks the coverage by Bruce Schneier (the
> originator of Blowfish) is fairly up to date and available at
>; the attacks on it are:
> Weak keys
> Detectable class of keys
> and an attack on 4 rounds that doesn't get any where near the whole thing

Attacks on simplified Blowfish,
not on a full & proper implementation.

Weak keys are easy to detect and avoid.
CryptoSMS does both, so what you're saying here is
that Blowfish is not truly weak.

> The attacks on RC4/ARC4/Alleged-RC4 are too numerous to be listed concisely,
> but probably the most important for CryptoSMS is the byte-wise bias present.

The attacks on RC4/ARC4 are all based on faulty implementations,
*without* proper Nonce and IV. CryptoSMS has both. This is taken
from the Crypto Mini-FAQ posted regularly to this group:

    RC4 (aka ARC4) is a very popular stream cipher for those reasons.
    It is commonly used in SSL for secure web connections, and is
    reasonably secure if used correctly. You need to avoid reusing a
    key, waste the first few output bytes, and realize that there is no

Note well, RC4 is "reasonably secure if used correctly". CryptoSMS
avoids "reusing a key", and it discards the first 4096 bytes of the key
stream (as advised above, and elsewhere).

> IDEA is also subject to weak keys, is broken to most of the rounds, and is
> subject to intellectual property attacks which make for some rather
> interesting problems beyond cryptography. Good information at
> .
> Of these IDEA is the only one that hasn't had something badly damaging, and
> for the last decade most cryptanalysts have been saying that RC4 needs to be
> retired because of it's flaws. None of the ciphers are considered to be in
> the class of the best available, and generally all work attacking them has
> stopped as the 5 AES finalists are superior in every way.
> Joe

So the ONLY real attack you can cite is that IDEA is patented?
According to the page at the link you gave, it is patented in
"some countries" (no list provided), and even in those, the
patent runs out in 2010.

Hardly an "attack". Doubtful if the patent holders even care anymore.

So let's recap. Blowfish is secure, RC4 is reasonably secure, and
triple IDEA is also secure.