John at Mozilla-Enigmail.org
Wed Sep 24 09:57:34 CEST 2008
> Robert J. Hansen escribió:
>> Faramir wrote:
>>> didn't include Blowfish because I was told it is not supported by PGP
>> PGP can read Blowfish traffic. It won't generate Blowfish traffic, but
>> that's a separate issue.
> Interesting... I will add it to my list... please note I am still
> talking about what I can receive, I intend to keep using the most used
> algo's in my preferred algo's as a sender... maybe not in the same
> order, but the same list.
>>> [Schneier] says people should move to Twofish.
>> No, Schneier has recommended people abandon Twofish and move to AES.
> Maybe he said both things, my source was wikipedia, but they provided
> a link to the interview where he said that:
> Dahna, McConnachie (2007-12-27). "Bruce Almighty: Schneier preaches
> security to Linux faithful". Computerworld 3. Retrieved on 2007-12-31.
> "At this point, though, I'm amazed it's still being used. If people ask,
> I recommend Twofish instead."
Well, sort of. That section of the interview is talking about Twofish wrt folks
still using Blowfish (top of page three). Since you didn't provide a link, I
Q: A rough count from the list on your Web site indicates that there are well
over 150 software products (including the mainline Linux kernel, from
v2.5.47) that use Blowfish. Has it exceeded or met your expectations?
A: I don't know if I had any expectations. There weren't enough alternatives to
DES out there. I wrote Blowfish as such an alternative, but I didn't even
know if it would survive a year of cryptanalysis. Writing encryption
algorithms is hard, and it's always amazing if one you write actually turns
out to be secure. At this point, though, I'm amazed it's still being used. If
people ask, I recommend Twofish instead.
Don't see any mention of AES.
Also, you may wish to consider that on page four of that interview, when asked
about a 3rd edition of /Applied Cryptography/, Schneier responds:
"However, in a way there is now a sequel. Practical Cryptography, by
Neils Ferguson and myself, was published this year. It's about
cryptography as it is used in real-world systems, about cryptography
as an engineering discipline rather than cryptography as a mathematical
"This is the book we wish we'd had more than a decade ago when we
started our cryptographic careers. It collects our combined experiences
on how to design cryptographic systems the right way. In some ways, this
book is a sequel to Applied Cryptography, but it focuses on very practical
problems and on how to build a secure system rather than just design a
And in /Applied Cryptography/, they write:
4.5.7 Which Block Cipher Should I Choose
"/That/ is the question. Don't forget that we are biased because we were part
of the team that designed Twofish. We also spent quite a lot of time attacking
the other AES finalist, which further influences our point of view.
"The safe choice for your career is AES. This is the official standard,
sanctioned by the U.S. government. Everybody else will be using it, too. We do
not think it is the absolute safest choice for your data, but if there is ever a
successful attack against AES, it obviously won't be your fault. They used to
say "nobody gets fired for buying IBM." Similarly, nobody will fire you for
choosing AES. As long as it isn't you who loses money and/or sleep if AES gets
broken, choose AES.
"AES has other advantages. It is relatively easy to use and implement. All
cryptographic libraries support it, and all customers like it as it is "the
standard." In this sense, you cannot go wrong with AES.
"If you are paranoid about the security of your data, and speed is not that
important, then you should choose Serpent. During the AES process, every serious
cryptographer agreed that Serpent was the most secure (or most conservative) of
all the submissions.
"That does not leave a lot of room for Twofish. You should only choose Twofish
if you want the speed of AES without the security disadvantages listed above. Of
course, all the institutional advantages of AES will now weigh against you. If
Twofish is ever broken, you will be blamed for selecting it.
"There are probably circumstances in which 3DES still is the best solution. If
you have to be backward compatible, or are locked into a 64-bit block size by
other parts of the system, then 3DES is still your best choice...
WikiPedia can provide good background. It is not always authoritative.
BTW, I tracked down the page you referenced, It was Wikipedia's Blowfish
page. Item 3 under Notes and references.
I'm going to agree with the others, most folks will tell you AES and 3DES if you
need the backwards compatibility.
 Ferguson, Niels & Schneier, Bruce. /Practical Cryptography/.
John Wiley & Sons, 2003. [Pages 63-64]
John P. Clizbe Inet:John (a) Mozilla-Enigmail.org
You can't spell fiasco without SCO. hkp://keyserver.gingerbear.net or
mailto:pgp-public-keys at gingerbear.net?subject=HELP
Q:"Just how do the residents of Haiku, Hawai'i hold conversations?"
A:"An odd melody / island voices on the winds / surplus of vowels"
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 679 bytes
Desc: OpenPGP digital signature
More information about the Gnupg-users