Re: The importance of IVs

From: Paul Rubin (//phr.cx_at_NOSPAM.invalid)
Date: 08/27/05

• Next message: mobius30: "Re: The importance of IVs"
• Previous message: mobius30: "Re: The importance of IVs"
• In reply to: mobius30: "Re: The importance of IVs"
• Next in thread: mobius30: "Re: The importance of IVs"
• Reply: mobius30: "Re: The importance of IVs"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: 27 Aug 2005 13:50:34 -0700

"mobius30" <mobius30@hushmail.com> writes:
> I'm by no means neither a professional programmer NOR an accomplished
> crytographer. I'm an amateur programmer, with most of my experience in
> VB .NET. I am looking for BOTH off-the-shelf symmetric software and
> the libraries necessary to build my own. The end goal is to gain
> enough reference and knowledge to:
> Build a good solid TRUE Blowfish crypto app in VB.NET. Nothing
> spectacular, just a simple plain-text app that is secure (i.e. doesn't
> write to swap, uses the correct algorithm, does the full 16-rounds, etc).

The biggest problem here is avoiding writing to swap. I'd be surprise
if vb.net gives you any control over that.

> Almost every app I've found (freeware at least) uses C or C++.
> So, yes, your help would be greatly appreciated. Do you know of any
> off-the-shelf free (or low-cost) apps that implement TRUE 16-round
> 64-bit block Blowfish (you know, what Schneier actually intended a
> decade ago!)?

I've never heard of anyone implementing "false" 16-round Blowfish.
Blowfish has been implemented many times, though maybe not in VB.

Blowfish is sort of old-school these days though. Is there some
reason you don't want to use AES? I'd say you should use AES in EAX
mode, if you want to be up with the times.

Actually, there may be a Windows CAPI function that does AES, in which
case you should use it.

• Next message: mobius30: "Re: The importance of IVs"
• Previous message: mobius30: "Re: The importance of IVs"
• In reply to: mobius30: "Re: The importance of IVs"
• Next in thread: mobius30: "Re: The importance of IVs"
• Reply: mobius30: "Re: The importance of IVs"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: too much encryption ... AES, you see Blowfish gets roughly 64 MB/Sec while AES gets ... presume whatever software you are using is using AES in CBC mode, ... defined as applying the previous ciphertext block to the next plaintext ... (comp.os.linux.security) Re: Multiple encryption: again, and again, and again... ... >Blowfish key, then try every single AES key, then the second Blowfish ... plaintext/ciphertext pair, encrypt plaintext with all possible AES keys, ... already making of the attacker having time to brute-force AES or Blowfish ... (sci.crypt) Re: Welche Festplattenverschlüsselung ist sicherer? ... auf Performance dem AES 256 immer überlegen war. ... Zwischen AES und Blowfish gibt es zwar Unterschiede bei der Performace, ... Notebook, da hier die Gefahr des Diebstahls relativ ... (de.comp.security.misc) Re: The importance of IVs ... I haven't looked into Twofish very much, ... <address the limitations of Blowfish. ... Time for some rhetoric on AES vs. ... <It wasn't the NSA's "stamp of approval" that made Rijndael the AES ... (sci.crypt) Re: Determine what encryption was used ... tell what type of encryption, AES or Blowfish, was used? ... The .enc file could potentially have included the plaintext string: ... (comp.security.misc)

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint