[Ach] Recommending Blowfish in the ACH paper

Aaron Zauner azet at azet.org
Tue Nov 5 10:38:56 CET 2013

There was a short discussion yesterday involving if we should provide blowfish as fallback cipher. Now i’ve looked through a couple of cipher-strenght recommendation papers: most cite blowfish as “legacy”.

Furthermore blowfish seems to be vulnerable to weak-key attacks:

Blowfish bruteforcing tool:

I’m not so sure anymore. What is your opinion? For sure we should exclude DES and Triple-DES.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1091 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.cert.at/pipermail/ach/attachments/20131105/fe3cca92/attachment.sig>

More information about the Ach mailing list