Re: The importance of IVs

From: Regis (nobody_at_thisaddress.com)
Date: 08/29/05


Date: Sun, 28 Aug 2005 20:43:26 -0400

On 28 Aug 2005 08:06:39 -0700, "mobius30" <mobius30@hushmail.com>
wrote:

>I haven't looked into Twofish very much, but I will someday.

Schneier wrote Blowfish first, and the Twofish later -- in order to
address the limitations of Blowfish.

>O.K. (Get's ready to duck...) Time for some rhetoric on AES vs.
>Blowfish. I know, the almight NSA, with its 11-digit budget, has given
>AES its "you are cool enough to be in our little club" stamp of
>approval. Good enough for government work, right?

It wasn't the NSA's "stamp of approval" that made Rijndael the AES
cipher of choice. Rijndael was chosen as the new AES by a group of
respected and very knowledgeable cryptographers from around the world.

> Yeah, right. So was DES. (It takes less than a day to crack that now, right?) But as
>far as AES goes, I believe (yes, just my lay opinion here) that
>14-round AES-256 will be cracked LONG before 16-round Blowfish-448.

I don't think you're going to find too many people who agree with you
on that one. Rijndael was chosen to be the new AES because it was
deemed to be more secure than Blowfish. Keep in mind that Blowfish
never even made it into the AES competition. Schneier decided to
submit only Twofish because he already knew by that time that Blowfish
wouldn't stand a chance against the other entries. Rijndael came in
first place, thereby winning the AES title. Serpent came in second,
and Twofish came in third, followed by RC6 and MARS.

So if you're going to put your eggs into the "fish" basket, you'd be
better off with Twofish over Blow.

>But why take your chances now? Moore's law MUST be considered here. What
>was once considered completely impossible can now be done by a 13-year
>old on his daddy's computer.

Moore's law isn't relevant when we're talking about brute-forcing the
keyspace of a given cipher, which is the only type of attack you could
expect from a 13-year old on his home computer. The keyspaces are so
large, that mounting a key search attack isn't feasible, and won't be
feasible for such a long time yet, that it's not even worth
considering.

>Bottom line, I guess it depends on how
>much you trust AES and exactly how valuable your data is to you.

You should learn to trust AES much more so than Blowfish. :-)

>And I BELIEVE that it won't be broken before AES.

It all depends on whether or not some major design flaw is discovered
in either algorithm. Brute forcing is out of the question, and
differential cryptanalysis will only get you so far. So...assuming
that no major flaw exists in either Blowfish or AES, then it would be
perfectly reasonable to trust your data to either one for quite some
time yet. But in the long run, all things being equal, AES will
outlive Blowfish in terms of security.

>One last thing. Any ideas on a web source that has up-to-date test
>vectors for Blowfish? (Correct ones!)

For test vectors, the ONLY place you should look is the web site of
the cipher designer.



Relevant Pages

  • Re: key length vs block length, most secure encryption algorithm today?
    ... Twofish is a development of Blowfish and more secure. ... Both AES and Twofish were ...
    (sci.crypt)
  • Re: too much encryption
    ... AES, you see Blowfish gets roughly 64 MB/Sec while AES gets ... presume whatever software you are using is using AES in CBC mode, ... defined as applying the previous ciphertext block to the next plaintext ...
    (comp.os.linux.security)
  • Re: Modes of operation
    ... A block cipher is deterministic: with the same key and the same input ... This is the main reason why, when the AES competition was launched, ... He explicitly recommended Blowfish if what you wanted to do ... worthwhile attacks have been made on Blowfish - although it is pretty ...
    (sci.crypt)
  • Re: OT: Careful what you keep in the cloud...
    ... One is the encryption algorithm - AES256 is good, ZipCrypto isn't. ... What about blowfish? ... Use Twofish if you ... why not just use AES? ...
    (uk.rec.motorcycles)
  • Re: Opinions on Components From Crypto-Central
    ... It contains MD5, Rijndael, Blowfish and Twofish implementations. ... DES is not available though. ...
    (borland.public.delphi.thirdpartytools.general)