-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Robert J. Hansen escribió: > Faramir wrote: >> Maybe he said both things, my source was wikipedia, but they provided >> a link to the interview where he said that: > > Add this to the list of things Wikipedia has screwed up.
No, it was me who screwed it, by quoting the quote, but not providing the link to the full interview. Of course the interview could have been changed, but it looks "natural"... (mean, if they cut and paste, it is not obvious) http://tinyurl.com/3hxjp9 (page 3 of the interview. If somebody wants to read the interview but thinks tinyurl is not safe, search wikipedia for Twofish, and follow the link for Blowfish, and look at the references). In fact, the interview is interesting, Schneier talks a bit about the real security, and the feeling about security... > Schneier has repeatedly advocated for AES. Go read his _Practical > Cryptography_ and see what he says about Twofish, and see what he says > about AES. I give a lot more weight to his professional writing than an > interview with a journalist -- who knows what got edited out? I will try to read it, probably I will have better chances to understand something that if I read _Applied Cryptography_ > Schneier may have, in that interview, meant to say "if people really > like Blowfish, I recommend they look at Twofish, but really, there's no > reason not to use AES." Or maybe he was deprived of caffeine at that time, and forgot to talk about AES... Anyway, from Wikipedia, I got the idea Twofish was not chosen because it is a bit slower than AES with 128 bit keys (and probably, at that time they thought these would be the most used keys), but it is a bit faster with 256 bit keys... But it is just they idea I got from an unreliable source of information... I use wikipedia to avoid having to read a lot of high density information, and to get the main idea about things... >> And according to Wikipedia, the only known way to break the full 16 >> rounds implementation is brueforce... it seems the only one who >> recommends to move is its author... > I like Blowfish. That's an emotional reaction to an algorithm. The It is ok to have emotional reactions, as long as these reactions don't break things or put yourself in danger... > fact I like Blowfish is totally irrational; really, I ought to use AES > or 3DES. In fact, the rational part of me says Blowfish really ought to > be dropped from OpenPGP implementations entirely, along with Twofish, > and CAST5 ought to be considered legacy support and read-only. I don't think Twofish should be read-only, since it was a finalist in the same contest where AES was elected... and by reading Schneier's blog, it seems he still thinks it is safe... but of course, I just looked at the most recent entry with "Twofish" word... I _suppose_, if we have different algo's for encryption, if one of them fails, we would just need to modify a preference, and we can be safe again (for a while)... > But I still like Blowfish. What can I say? I'm a human being. I'm > allowed to occasionally be sentimental. Just don't mistake > sentimentality for sound reasoning. Don't worry, I know the difference... and since I suppose you was rational when you said any encryption algo included in GPG was safer than we would need, I allow myself to do irrational choices... but just because any choice is supposed to be safe enough. Best Regards -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQEcBAEBCAAGBQJI2gNNAAoJEMV4f6PvczxA0JMH/3FiSnay9+YfH+8qLeKXWO0J jMAgYGRgVDWQYLbkCItQnoDtTXI91yMGgulOy+hAh5biP1jhOLbTNcVNoaTGtd9A NLt8haSE7Js+UfUdbF4PYF7zTfvsDtGQdH3VnSBTskona4WmEORnzMbGOhMq9qEQ JM3TkJB5HDyd8+qZHewLnTvq5rBW73UiIXdiiLy0PY6Is0WrIqd4unVNwzjpCTBn 4NjhH22DO1SjiR1fOSnMnd8S729p78+/gw0+nK4isqeRHhw6jJ9ZR7MMX/yUdbOe 3vAjn5uyRBHeWf2oJ1h+1EOqt2Q9GGFo7LpSQ/klHedf2SnnIn7gydK11KKTCn8= =Kpum -----END PGP SIGNATURE----- _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users