Changing preferences
John Clizbe
John at Mozilla-Enigmail.org
Wed Sep 24 09:57:34 CEST 2008
Faramir wrote:
> Robert J. Hansen escribió:
>> Faramir wrote:
>>> didn't include Blowfish because I was told it is not supported by PGP
>
>> PGP can read Blowfish traffic. It won't generate Blowfish traffic, but
>> that's a separate issue.
>
> Interesting... I will add it to my list... please note I am still
> talking about what I can receive, I intend to keep using the most used
> algo's in my preferred algo's as a sender... maybe not in the same
> order, but the same list.
>
>>> [Schneier] says people should move to Twofish.
>
>> No, Schneier has recommended people abandon Twofish and move to AES.
>
> Maybe he said both things, my source was wikipedia, but they provided
> a link to the interview where he said that:
>
> Dahna, McConnachie (2007-12-27). "Bruce Almighty: Schneier preaches
> security to Linux faithful". Computerworld 3. Retrieved on 2007-12-31.
> "At this point, though, I'm amazed it's still being used. If people ask,
> I recommend Twofish instead."
Well, sort of. That section of the interview is talking about Twofish wrt folks
still using Blowfish (top of page three). Since you didn't provide a link, I
will[0]:

Q: A rough count from the list on your Web site indicates that there are well
over 150 software products (including the mainline Linux kernel, from
v2.5.47) that use Blowfish. Has it exceeded or met your expectations?

A: I don't know if I had any expectations. There weren't enough alternatives to
DES out there. I wrote Blowfish as such an alternative, but I didn't even
know if it would survive a year of cryptanalysis. Writing encryption
algorithms is hard, and it's always amazing if one you write actually turns
out to be secure. At this point, though, I'm amazed it's still being used. If
people ask, I recommend Twofish instead.

Don't see any mention of AES.

Also, you may wish to consider that on page four of that interview, when asked
about a 3rd edition of /Applied Cryptography/[1], Schneier responds:

"However, in a way there is now a sequel. Practical Cryptography[2], by
Niels Ferguson and myself, was published this year. It's about
cryptography as it is used in real-world systems, about cryptography
as an engineering discipline rather than cryptography as a mathematical
science.

"This is the book we wish we'd had more than a decade ago when we
started our cryptographic careers. It collects our combined experiences
on how to design cryptographic systems the right way. In some ways, this
book is a sequel to Applied Cryptography, but it focuses on very practical
problems and on how to build a secure system rather than just design a
cryptographic protocol.

And in /Applied Cryptography/, they write[3]:

4.5.7 Which Block Cipher Should I Choose

"/That/ is the question. Don't forget that we are biased because we were part
of the team that designed Twofish. We also spent quite a lot of time attacking
the other AES finalist, which further influences our point of view.

...

"The safe choice for your career is AES. This is the official standard,
sanctioned by the U.S. government. Everybody else will be using it, too. We do
not think it is the absolute safest choice for your data, but if there is ever a
successful attack against AES, it obviously won't be your fault. They used to
say "nobody gets fired for buying IBM." Similarly, nobody will fire you for
choosing AES. As long as it isn't you who loses money and/or sleep if AES gets
broken, choose AES.

"AES has other advantages. It is relatively easy to use and implement. All
cryptographic libraries support it, and all customers like it as it is "the
standard." In this sense, you cannot go wrong with AES.

"If you are paranoid about the security of your data, and speed is not that
important, then you should choose Serpent. During the AES process, every serious
cryptographer agreed that Serpent was the most secure (or most conservative) of
all the submissions.

"That does not leave a lot of room for Twofish. You should only choose Twofish
if you want the speed of AES without the security disadvantages listed above. Of
course, all the institutional advantages of AES will now weigh against you. If
Twofish is ever broken, you will be blamed for selecting it.

"There are probably circumstances in which 3DES still is the best solution. If
you have to be backward compatible, or are locked into a 64-bit block size by
other parts of the system, then 3DES is still your best choice...

Wikipedia can provide good background. It is not always authoritative.

BTW, I tracked down the page you referenced. It was Wikipedia's Blowfish
page[4]. Item 3 under Notes and references.

I'm going to agree with the others: most folks will tell you AES and 3DES if you
need the backwards compatibility.

[0] http://www.computerworld.com.au/index.php/id;1891124482;pp;3
[1] http://www.schneier.com/book-applied.html
[2] http://www.amazon.co.uk/Practical-Cryptography-Niels-Ferguson/dp/0471223573
also http://www.schneier.com/book-practical.html
[3] Ferguson, Niels & Schneier, Bruce. /Practical Cryptography/.
John Wiley & Sons, 2003. [Pages 63-64]
[4] http://en.wikipedia.org/wiki/Blowfish_(cipher)
--
John P. Clizbe Inet:John (a) Mozilla-Enigmail.org
You can't spell fiasco without SCO. hkp://keyserver.gingerbear.net or
mailto:pgp-public-keys at gingerbear.net?subject=HELP
Q:"Just how do the residents of Haiku, Hawai'i hold conversations?"
A:"An odd melody / island voices on the winds / surplus of vowels"