Re: What can one do against Keylogger Attacks?

Date: 08/08/05

Date: Mon, 08 Aug 2005 15:39:19 +1000

Joseph Ashwood wrote:
> "Johan Wevers" <> wrote in message
>><Crypto@S.M.S> wrote:
>>>Joe Ashwood has stated that Blowfish is weak.
>>All I can find of this person are usenet postings (google with "john
>>blowfish"). Is he supposed to be some authority? And if so, what has he
> I'd say you didn't do enough searching, but you won't find anything that I
> have published about Blowfish, you will also find that my publications are
> difficult to locate as most have nevertouched the internet. But my statement
> was never that Blowfish is weak, my statement was that Blowfish has some
> minor attacks and is not considered among the state-of-the-art ciphers.

You claimed that CryptoSMS is weak because it uses Blowfish
as one of its encryption layers. SO which is it? Do these
"minor" attacks allow you to break Blowfish encrypted messages,
or not?

> For the case in question (password storage), the data files are likely to be
> small enough, the data changes infrequent enough, and the data used in such
> a fashion that Blowfish, used in a suitable mode of operation, should be
> sufficient.
> Joe

Are short messages equally small enough that Blowfish in CBC mode
"should be sufficient"?