At 04:33 PM 5/30/03 -0700, bear wrote: ...
Blowfish has been around longer than Rijndael; I think AES may not yet have gotten as much cryptographic attention as Blowfish's several-year headstart has given it. I think that a "perfect cipher" of Blowfish's block size would necessarily be less secure than a "perfect" cipher of AES' block size, but I'm not aware of any work demonstrating either to be an example of a "perfect cipher". (Nor any methodology such work could employ, for that matter).
AES has gotten a lot of attention, and right now, it's the high-prestige target. (Among other things, it was clearly a front-runner in the AES process from the beginning, and all of us who'd designed other algorithms spent a lot of time trying to beat up on it.) Blowfish has been around longer, but has probably had fewer people spend lots of time trying to break it. The still-unresolved question is whether those equation-solving attacks can really be used against AES, and there doesn't seem to be anyone who's completely confident of the answer to that question.
...
Bear
--John Kelsey, [EMAIL PROTECTED] PGP: FA48 3237 9AD5 30AC EEDD BBC8 2A80 6948 4CAA F259
--------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
