From: "Jeroen C. van Gelderen" <jeroen@vangelderen.org>
To: Adam Shostack <adam@homeport.org>
Cc: Robert Watson <robert+freebsd@cyrus.watson.org>, Poul-Henning Kamp <phk@critter.freebsd.dk>, The Tech-Admin Dude <geniusj@phoenix.unacom.com>, Brian Beaulieu <brian@capital-data.com>, freebsd-security@FreeBSD.ORG
Subject: Re: Blowfish/Twofish
Message-ID: <372D6435.8EF1437A@vangelderen.org>
References: <Pine.BSF.3.96.990501150648.2670B-100000@fledge.watson.org> <372C19F5.625BB2B@vangelderen.org> <19990502215431.A22973@weathership.homeport.org>
Adam Shostack wrote:
[...]
> | In any case, if you recommend against using Blowfish, what's the
> | reason?
>
> The reason not to use Blowfish is (imho) the Pi key scheduling. Key
> schedules need to be designed, not taken at random from nature.

Uhm, AFAIK the Blowfish key schedule was designed; it just happens to use digits of Pi as magic numbers. The designers just wanted to err on the safe side, and they effectively created a very inefficient one-way 'hash' for the key schedule. They did this because a lot of key schedules were attacked and broken.

> The reason to not use it for passwords is that the function you want
> (if you're going to not change the model), is a hash function, not a
> block cipher.

The original recommendation was Twofish over Blowfish. My point was that Twofish is too new to recommend. In any case, you can turn block ciphers into hashes if they can withstand certain kinds of attacks.

Cheers,
Jeroen
--
Jeroen C. van Gelderen - jeroen@vangelderen.org - 0xC33EDFDE