Re: The importance of IVs

From: mobius30 (mobius30_at_hushmail.com)
Date: 08/27/05


Date: 27 Aug 2005 12:31:54 -0700

Regis wrote:
>"So yeah, forget about the IV problem. What I found even more
>disturbing is the sheer number of these libraries out there that are
>so badly assembled that they're not even what they claim to be. For
>instance, a library containing AES and Blowfish (for example), SHOULD
>be able to give you actual AES and Blowfish encryption. This is a
>no-brainer. But in my findings, it turns out that in many cases,
>you're not getting AES, nor are you getting Blowfish. So what are you
>getting? Essentially a faulty implementation which can range in
>seriousness from being somewhat buggy, to being completely insecure."

So, what you're saying is basically "If you want something done right,
do it yourself?"
This is the frightening conclusion I don't want to come to....


