> -----Original Message-----
> From: Brian Snyder [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, May 23, 2000 1:10 PM
> ps. As an aside, which is considered safer BF w/ 16 bytes or
> DES w/ 24?
That depends whom you ask. There are cryptography professionals who argue
that newer cyphers (like Blowfish) haven't been studied enough yet to be
trusted. That's a judgement call. The general consensus seems to be that
both DES and Blowfish are probably reasonably secure under a typical
everyday-use threat model.

Assuming the best attack against a (symmetric) cypher is brute force, then
key length is essentially the measure of security.

Neither Blowfish nor DES has (publicly) known attacks better than brute
force.

However, cyphers are rarely the failure point in information-hiding systems.
Usually it's a protocol design error (MS PPTP 1.0), implementation error
(poor entropy sources in Netscape SSL 1.0), user error (easily-guessed
password), or side channel (a buffer overflow elsewhere in the app bypasses
security altogether).

A 128-bit (16 byte) *well-chosen* key is good enough. No one's going to
brute-force that. Anyone who wants your data that badly would be better off
looking for other weaknesses in your system, or simply applying their
resources to have you kidnapped and tortured. ("well-chosen" means your
attackers shouldn't be able to make any valid assumptions about your key
choice process that would allow them to narrow down the key space. Your key
might be taken from the output of a cryptographically strong PRNG, for
example.)

(By the way, DES doesn't have a 24-byte key. It has a nominal 64-bit key
with 56 effective bits. 3DES with three distinct keys has a nominal key
length of 192 bits or 24 bytes, but its effective key length is 168 bits.)
Michael Wojcik [EMAIL PROTECTED]
MERANT
Department of English, Miami University
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
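The points made in the reply above (nominal versus effective DES key length, brute force as the baseline attack, and a "well-chosen" key coming from a cryptographically strong PRNG rather than from something an attacker can narrow down) can be made concrete. The following is an added example written for this page, not code from the original post or from the OpenSSL project. It implements only the DES key schedule (the PC-1, PC-2 and rotation tables from FIPS 46-3) to show that the 8 parity bits never reach a subkey, which is why a 64-bit DES key has 56 effective bits; the attacker speed of 10^12 keys per second and the 8-lowercase-letter password are constructed figures for illustration.

```python
import math
import os

# DES key-schedule tables (FIPS 46-3). PC-1 maps the 64-bit key to 56 bits;
# the bit positions 8, 16, ..., 64 (one per byte) never appear in it.
PC1 = [57, 49, 41, 33, 25, 17, 9, 1, 58, 50, 42, 34, 26, 18,
       10, 2, 59, 51, 43, 35, 27, 19, 11, 3, 60, 52, 44, 36,
       63, 55, 47, 39, 31, 23, 15, 7, 62, 54, 46, 38, 30, 22,
       14, 6, 61, 53, 45, 37, 29, 21, 13, 5, 28, 20, 12, 4]
# PC-2 selects the 48 subkey bits from the rotated 56-bit halves.
PC2 = [14, 17, 11, 24, 1, 5, 3, 28, 15, 6, 21, 10,
       23, 19, 12, 4, 26, 8, 16, 7, 27, 20, 13, 2,
       41, 52, 31, 37, 47, 55, 30, 40, 51, 45, 33, 48,
       44, 49, 39, 56, 34, 53, 46, 42, 50, 36, 29, 32]
SHIFTS = [1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1]


def _bits(data: bytes) -> list:
    """Big-endian bit list; DES numbers the MSB of the first byte as bit 1."""
    return [(b >> (7 - i)) & 1 for b in data for i in range(8)]


def des_subkeys(key: bytes) -> list:
    """Return the 16 round subkeys (as 48-bit ints) derived from an 8-byte key."""
    if len(key) != 8:
        raise ValueError("DES key must be 8 bytes")
    kbits = _bits(key)
    cd = [kbits[p - 1] for p in PC1]          # the 8 parity bits are dropped here
    c, d = cd[:28], cd[28:]
    subkeys = []
    for s in SHIFTS:
        c, d = c[s:] + c[:s], d[s:] + d[:s]   # left-rotate both halves
        half = c + d
        subkeys.append(int("".join(str(half[p - 1]) for p in PC2), 2))
    return subkeys


def flip_parity_bits(key: bytes) -> bytes:
    """Flip the low bit of every byte: exactly the 8 bits PC-1 ignores."""
    return bytes(b ^ 0x01 for b in key)


def set_odd_parity(key: bytes) -> bytes:
    """Rewrite each byte's low bit so the byte has odd parity, as DES expects."""
    out = bytearray()
    for b in key:
        high = b & 0xFE
        out.append(high | (0 if bin(high).count("1") % 2 else 1))
    return bytes(out)


def random_des_key() -> bytes:
    """A 'well-chosen' key: 56 bits from the OS CSPRNG, parity bits set."""
    return set_odd_parity(os.urandom(8))


def effective_key_bits(cipher: str, key_len: int) -> int:
    """Effective (brute-force) key length in bits for the sizes discussed."""
    if cipher == "des" and key_len == 8:
        return 56            # 64 nominal, 8 parity bits discarded
    if cipher == "3des" and key_len == 24:
        return 168           # three distinct 56-bit keys
    if cipher == "3des" and key_len == 16:
        return 112           # two-key variant, K1 reused as K3
    if cipher == "blowfish" and 4 <= key_len <= 56:
        return 8 * key_len   # Blowfish accepts 32..448-bit keys
    raise ValueError(f"unsupported {cipher} key length {key_len}")


def password_space_bits(alphabet_size: int, length: int) -> float:
    """Bits of key space actually searched when the key is derived from a password."""
    return length * math.log2(alphabet_size)


def expected_brute_force_years(bits: float, keys_per_second: float) -> float:
    """On average half the key space is searched before the key turns up."""
    return 2 ** (bits - 1) / keys_per_second / (365.25 * 24 * 3600)


if __name__ == "__main__":
    k = random_des_key()
    same = des_subkeys(k) == des_subkeys(flip_parity_bits(k))
    print("parity-flipped key yields identical subkeys:", same)
    rate = 1e12  # assumed attacker speed in keys per second (constructed figure)
    for name, n in (("des", 8), ("3des", 24), ("blowfish", 16)):
        b = effective_key_bits(name, n)
        print(f"{name} {n}-byte key: {b} effective bits, "
              f"~{expected_brute_force_years(b, rate):.3g} years at {rate:.0e}/s")
    pw = password_space_bits(26, 8)
    print(f"key derived from 8 lowercase letters: only {pw:.1f} bits")
```

Running it shows two keys that differ in every parity bit producing the same 16 subkeys, so those bits add nothing to the search space, while a flipped non-parity bit changes the schedule. The last line is the "well-chosen" caveat in numbers: a DES key derived from an 8-letter lowercase password is nominally 56 bits but is searched in under 38 bits of effort, because the attacker only has to enumerate the password choice process, not the key.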