Re: The importance of IVs
From: Regis (nobody_at_thisaddress.com)
Date: Sun, 28 Aug 2005 20:43:26 -0400
On 28 Aug 2005 08:06:39 -0700, "mobius30" <firstname.lastname@example.org> wrote:
>I haven't looked into Twofish very much, but I will someday.
Schneier wrote Blowfish first, and then Twofish later -- in order to
address the limitations of Blowfish.
>O.K. (Gets ready to duck...) Time for some rhetoric on AES vs.
>Blowfish. I know, the almighty NSA, with its 11-digit budget, has given
>AES its "you are cool enough to be in our little club" stamp of
>approval. Good enough for government work, right?
It wasn't the NSA's "stamp of approval" that made Rijndael the AES
cipher of choice. Rijndael was chosen as the new AES by a group of
respected and very knowledgeable cryptographers from around the world.
>Yeah, right. So was DES. (It takes less than a day to crack that now, right?) But as
>far as AES goes, I believe (yes, just my lay opinion here) that
>14-round AES-256 will be cracked LONG before 16-round Blowfish-448.
I don't think you're going to find too many people who agree with you
on that one. Rijndael was chosen to be the new AES because it was
deemed to be more secure than Blowfish. Keep in mind that Blowfish
never even made it into the AES competition. Schneier decided to
submit only Twofish because he already knew by that time that Blowfish
wouldn't stand a chance against the other entries. Rijndael came in
first place, thereby winning the AES title. Serpent came in second,
and Twofish came in third, followed by RC6 and MARS.
So if you're going to put your eggs into the "fish" basket, you'd be
better off with Twofish over Blow.
>But why take your chances now? Moore's law MUST be considered here. What
>was once considered completely impossible can now be done by a 13-year
>old on his daddy's computer.
Moore's law isn't relevant when we're talking about brute-forcing the
keyspace of a given cipher, which is the only type of attack you could
expect from a 13-year old on his home computer. The keyspaces are so
large, that mounting a key search attack isn't feasible, and won't be
feasible for such a long time yet, that it's not even worth
>Bottom line, I guess it depends on how
>much you trust AES and exactly how valuable your data is to you.
You should learn to trust AES much more so than Blowfish. :-)
>And I BELIEVE that it won't be broken before AES.
It all depends on whether or not some major design flaw is discovered
in either algorithm. Brute forcing is out of the question, and
differential cryptanalysis will only get you so far. So...assuming
that no major flaw exists in either Blowfish or AES, then it would be
perfectly reasonable to trust your data to either one for quite some
time yet. But in the long run, all things being equal, AES will
outlive Blowfish in terms of security.
>One last thing. Any ideas on a web source that has up-to-date test
>vectors for Blowfish? (Correct ones!)
For test vectors, the ONLY place you should look is the web site of
the cipher designer.
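
Added example (not part of the post above): the exchange about Moore's law and key search, worked as a calculation. It assumes an attacker calibrated to the quoted "less than a day" DES figure, an 18-month doubling period and a continuous search; the function names and the baseline rate are constructed for illustration.

```python
import math

SECONDS_PER_YEAR = 365.25 * 86400
# Assumed baseline, taken from the "less than a day" DES remark quoted above:
# an attacker who covers half of a 56-bit keyspace (2**55 keys) in one day.
BASE_RATE = 2**55 / 86400          # keys per second, constructed figure
DOUBLING_YEARS = 1.5               # assumed Moore's-law doubling period


def years_fixed_rate(key_bits, rate=BASE_RATE):
    """Expected years to find a key at a constant search rate."""
    return 2.0 ** (key_bits - 1) / (rate * SECONDS_PER_YEAR)


def years_with_doubling(key_bits, rate=BASE_RATE, doubling=DOUBLING_YEARS):
    """Expected years when the search rate doubles every `doubling` years.

    Keys tested by year T: rate * S * doubling / ln2 * (2**(T/doubling) - 1),
    with S the keys-per-year factor. Setting that equal to 2**(key_bits - 1)
    and solving for T gives the value returned here.
    """
    per_year = rate * SECONDS_PER_YEAR
    x = 2.0 ** (key_bits - 1) * math.log(2) / (per_year * doubling)
    return doubling * math.log2(1.0 + x)


def report(sizes=(56, 128, 256, 448)):
    """Return (key_bits, fixed-rate years, doubling-rate years) per key size."""
    return [(k, years_fixed_rate(k), years_with_doubling(k)) for k in sizes]


if __name__ == "__main__":
    for bits, fixed, growing in report():
        print(f"{bits:>3}-bit key: {fixed:10.3g} years at a fixed rate, "
              f"{growing:7.1f} years with doubling")
```

Under these assumptions each additional key bit adds one doubling period (18 months) to the expected search time.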