Re: How to protect an encrypted file system for off-line attack?
On Mon, 23 Feb 2009 18:59:56 -0600
Ron Johnson <ron.l.johnson@cox.net> wrote:
> On 02/23/2009 02:43 PM, Celejar wrote:
> > On Sun, 22 Feb 2009 20:10:57 -0600
> > Ron Johnson <ron.l.johnson@cox.net> wrote:
> >
> >> On 02/22/2009 07:03 PM, Javier wrote:
> >
> > ...
> >
> >>> And which is better, Blowfish or AES?
> >> AES.
> >
> > Source? Wikipedia just says:
> >
> > "Blowfish provides a good encryption rate in software and no effective
> > cryptanalysis of it has been found to date. However, the Advanced
> > Encryption Standard now receives more attention."
>
> http://en.wikipedia.org/wiki/Weak_key#List_of_algorithms_with_weak_keys
> Blowfish. Blowfish's weak keys produce bad S-boxes, since
> Blowfish's S-boxes are key-dependent. There is a chosen
> plaintext attack against a reduced-round variant of Blowfish
> that is made easier by the use of weak keys. This is not a
> concern for full 16-round Blowfish.
>
> > http://en.wikipedia.org/wiki/Blowfish_(cipher)
But it's "not a concern for full 16-round Blowfish", so is that really
a problem?
"There is no effective cryptanalysis on the full-round version of
Blowfish known publicly as of 2009. A sign extension bug in one
publication of C code has been identified.
In 1996, Serge Vaudenay found a known-plaintext attack requiring
2^(8r + 1) known plaintexts to break, where r is the number of rounds.
Moreover, he also found a class of weak keys that can be detected and
broken by the same attack with only 2^(4r + 1) known plaintexts. This
attack cannot
be used against the regular Blowfish; it assumes knowledge of the
key-dependent S-boxes. Vincent Rijmen, in his Ph.D. thesis, introduced
a second-order differential attack that can break four rounds and no
more. There remains no known way to break the full 16 rounds, apart
from a brute-force search.
Bruce Schneier notes that while Blowfish is still in use, he recommends
using the more recent Twofish algorithm instead."
http://en.wikipedia.org/wiki/Blowfish_(cipher)#Cryptanalysis_of_Blowfish
> > And what about Twofish?
So as I said, anything wrong with Twofish?
Celejar
--
mailmin.sourceforge.net - remote access via secure (OpenPGP) email
ssuds.sourceforge.net - A Simple Sudoku Solver and Generator