I agree with Bill with a minor modification. Bill is correct in that any of
the remaining AES candidates have probably seen more cryptanalysis than
Blowfish ever did. I also agree that 3DES is solid. Though I do like DESX,
since there is a proof that DESX has twice the effective key length of DES.
There is no similar proof (and several doubts) about the effective key
length of 3DES.
The bottom line is, unless you can articulate good reasons why not to use
3DES, you are probably well served by using it. Much of it here depends on
time-to-market requirements. If you don't anticipate fielding the system
until later this year, you might be best off doing what just about every
other working group in this situation has done: spec AES and fill in the
winning candidate once it is chosen this summer.
Enjoy,
--Lucky Green <[EMAIL PROTECTED]>
"Among the many misdeeds of British rule in India, history will look
upon the Act depriving a whole nation of arms as the blackest."
- Mohandas K. Gandhi, An Autobiography, pg 446
http://www.citizensofamerica.org/missing.ram
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf
> Of Bill Stewart
> Sent: Sunday, May 07, 2000 21:17
> To: Multiple recipients of list
> Subject: Re: Blowfish or 3DES?
>
>
> Depends on your threat models. Who might want to crack your stuff?
> Do you want to use it in the financial industry?
> 3DES is the choice there, simply because everybody knows and trusts it.
> Is there a good reason not to just incorporate PGP into your application
> instead of writing your own crypto implementation?
>
> DES has been very thoroughly studied by very many great cryptographers,
> so there are unlikely to be major new holes in it.
> Obviously you need 3DES rather than 1DES.
> The keys are more than long enough for currently foreseeable technology.
> The important thing that 3DES gives you besides analysis of the algorithm
> is many implemented packages which have some opportunity to have been
> debugged, cracked, fed overlong keys to see if they explode, etc.
> Sure, it's dog-ugly, but it's a dog you know.
>
> If I wanted a non-3DES algorithm, I wouldn't use Blowfish -
> Bruce Schneier et al. have Twofish out, and while the primary goals
> of the redesign are to fit into the AES requirements framework,
> rather than to strengthen the algorithm, they may have benefited from experience,
> and there have also been heavy efforts to break it and the other AES candidates.
> They've been a lot briefer than the attacks on 3DES, but probably more
> attention than has been paid to Blowfish. Another advantage of Twofish
> over Blowfish is that it also has some reference implementations that have
> been checked out reasonably well.
>
> Either one can probably do quite well. Do you have to worry about compatibility?
> Do you have to worry about setup time, or only run time, or really neither?
> (Neither is nice, and often realistic, as long as the stuff's not way
> slower than 3DES.)
> Do you have to worry about space (e.g. fitting on smartcards or phones,
> or is this just basic PC/Workstation stuff?)
>
>
> >From: "Nathan Saper" <[EMAIL PROTECTED]>
> >To: <[EMAIL PROTECTED]>
> >Sent: Sunday, May 07, 2000 12:32 AM
> >Subject: Blowfish or 3DES?
> >
> >> Which is better for everyday encryption where speed is not a big issue? I
> >> know that Blowfish is better than vanilla DES, but is it better than 3DES?
>
>
> Thanks!
> Bill
> Bill Stewart, [EMAIL PROTECTED]
> PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
>
>
>