Blowfish and CBC are commonly used together, but they deal with separate issues.
If you are trying to deal with Blowfish and CBC together, then you are probably going to have a tougher time because you are solving two problems in one step. -- Lynn On Sun, 23 Nov 2003 21:25:54 -0600, [EMAIL PROTECTED] wrote: > > From what I've read I think you are kinda sorta right. > The problem is that when you lookup Blowfish you will find > many "flavors" of it and one is CBC -- And that is just > the beginning ... :( > > Also the key "cooking" also throws yet another monkey > wrench into things but then this goes well outside of of > Blowfish norms and this is a very nasty "layer" that you'd > never expect to be there. > > Really need a nice clean white paper *AND* test vectors! > With that in hand I'd tend to be willing to argue that the > OpenSRS interface is relatively open archecture. But until > there is such clean and clear docs for that very nasty > layer, then I'll continue to argue OpenSRS API is targeted > for a single platform environment. > > The really said part is that *SOMEBODY* at Tucows should > be able to hammer out that doc, and create test vectors. > fairly easily (1 or 2 days at most) and put the issue to > rest. > > I finally *COMPLETELY* gave up of the API and just > scripted the RWI. Does what I need and the code runs on > Win98 and any other Windows OS I need to run it on. But > that's really dumb. If someone has my username and > password they can do most common operations from any PC in > the world using industry standard SSL. So what does DES, > Blowfish, and IP locking even buy us? Nothing at all. > > I'm not ignoring that DES and Blowfish are the result of > history, I'm just saying clearly doc the damn thing and > provide test vectors since it's very hard to debug > encrypted data as that's the entire point to encrypting > data in the first place. > > > On Sun, 23 Nov 2003 16:52:13 -0800 > "Lynn W. Taylor" <[EMAIL PROTECTED]> wrote: >>I haven't spent a whole bunch of time on this, but maybe >>this will help.... >> >>I don't think the problem is Blowfish, I think it is CBC. >> >>Blowfish is a block cypher, and OpenSRS needs a streaming >>cypher. CBC is a technique to turn block cyphers into >>streaming cyphers. >> >>>From what I've read, there appears to be two flavors of >>>CBC: the "real world standard" one, and the one >>>implemented in the PERL Crypt:CBC library. >> >>There are a couple of other differences, but there are >>third-party documents that cover them. As far as I >>remember, they had to do with how keys were generated for >>the cypher. >> >>-- Lynn
