[Ach] Recommending Blowfish in the ACH paper

Aaron Zauner azet at azet.org
Tue Nov 5 10:38:56 CET 2013


There was a short discussion yesterday about whether we should provide Blowfish as a fallback cipher. Now I’ve looked through a couple of cipher-strength recommendation papers: most cite Blowfish as “legacy”.

Furthermore, Blowfish seems to be vulnerable to weak-key attacks:
http://www.iacr.org/archive/fse2007/45930168/45930168.pdf
https://cs.columbusstate.edu/cae-ia/StudentPapers/Y2010_TheFall/StudentPapers_CPSC6126/PaperGonzalezTom.pdf

Blowfish bruteforcing tool:
http://www.altsci.com/concepts/bf_brute1.html


I’m not so sure anymore. What is your opinion? For sure we should exclude DES and Triple-DES.

Thanks,
Aaron