
Re: How to protect an encrypted file system for off-line attack?



On Mon, 23 Feb 2009 18:59:56 -0600
Ron Johnson <ron.l.johnson@cox.net> wrote:

> On 02/23/2009 02:43 PM, Celejar wrote:
> > On Sun, 22 Feb 2009 20:10:57 -0600
> > Ron Johnson <ron.l.johnson@cox.net> wrote:
> > 
> >> On 02/22/2009 07:03 PM, Javier wrote:
> > 
> > ...
> > 
> >>> And which is better, Blowfish or AES?
> >> AES.
> > 
> > Source?  Wikipedia just says:
> > 
> > "Blowfish provides a good encryption rate in software and no effective
> > cryptanalysis of it has been found to date. However, the Advanced
> > Encryption Standard now receives more attention."
> 
> http://en.wikipedia.org/wiki/Weak_key#List_of_algorithms_with_weak_keys
>      Blowfish. Blowfish's weak keys produce bad S-boxes, since
>      Blowfish's S-boxes are key-dependent. There is a chosen
>      plaintext attack against a reduced-round variant of Blowfish
>      that is made easier by the use of weak keys. This is not a
>      concern for full 16-round Blowfish.
> 
> > http://en.wikipedia.org/wiki/Blowfish_(cipher)

But it's "not a concern for full 16-round Blowfish", so is that really
a problem?

"There is no effective cryptanalysis on the full-round version of
Blowfish known publicly as of 2009. A sign extension bug in one
publication of C code has been identified.

In 1996, Serge Vaudenay found a known-plaintext attack requiring 2^(8r + 1)
known plaintexts to break, where r is the number of rounds. Moreover,
he also found a class of weak keys that can be detected and broken by
the same attack with only 2^(4r + 1) known plaintexts. This attack cannot
be used against the regular Blowfish; it assumes knowledge of the
key-dependent S-boxes. Vincent Rijmen, in his Ph.D. thesis, introduced
a second-order differential attack that can break four rounds and no
more. There remains no known way to break the full 16 rounds, apart
from a brute-force search.

Bruce Schneier notes that while Blowfish is still in use, he recommends
using the more recent Twofish algorithm instead."

http://en.wikipedia.org/wiki/Blowfish_(cipher)#Cryptanalysis_of_Blowfish

> > And what about Twofish?

So as I said, anything wrong with Twofish?

Celejar
--
mailmin.sourceforge.net - remote access via secure (OpenPGP) email
ssuds.sourceforge.net - A Simple Sudoku Solver and Generator