My current understanding of the situation is that there are no known
effective attacks against Blowfish so long as it's adequately
implemented according to the suggested specifications and it's
relatively limited block size accounted for, and I naturally tend to
gravitate towards tested-and-tried, reliable things with a more or
less impeccable record.
Then you really ought be using 3DES, which is the most heavily
scrutinized symmetric algorithm in OpenPGP. AES is a close second.
even if not, it would still make sense to me to allow for greater (or
better yet, full) key size to be utilized specially for situations
when performance is extremely critical and something like Twofish
just won't do.
Which situations are those?
As for AES, while there doesn't seem to be anything fundamentally
wrong with it, the fact that it was pushed so extensively by the
powers that be and the fact that it's considerably easier on the
hardware (as compared to say, Twofish), makes it a candidate for
large-scale, targeted cryptanalysis, so I wouldn't put it past me
that the NSA's onto something already.
In a word, 'no'. In three, 'oh *hell* no'.
The best attack on 3DES, after more than 40 years of academic research,
requires ~10^17 bytes of RAM and ~10^34 encryptions. That's 100
petabytes of RAM, which is silly enough already. 10^34 encryptions,
each of which requires a minimum of erasing ~10^3 bits of data during
its evolution through S- and P-boxes, and the laws of physics flat
*require* losing about 10**-22 joules per erasure... you're talking
about liberating 10**15 joules as heat. That's about what a nuclear
bomb puts out.
And that's for 3DES, which is generally believed to be by far the
*worst* cipher in OpenPGP.
Why would anybody break ciphers the hard way with cryptanalysis, when
real-world systems are so easily exploitable and the human beings behind
them even moreso?
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
