Blowfish ain't broke. Yet. There was a time when everyone thought MD5 was good enough. Now there is code on the internet to produce meaningful collisions. I bet a year or two from now people will laugh at the idea of using it to secure anything. It is dying a slow death. Sorry!
It is my understanding that Blowfish's 64-bit block may make it more vulnerable to cryptanalysis than Twofish's 128. Whatever. No point talking about a subject with a really thin line. It is my opinion that OpenBSD lacks a good cryptographic disk solution. That is just an opinion. Yes, I know, code is much more valuable. I'm through.

Travers

On Friday 30 December 2005 09:02, Joachim Schipper wrote:
> Looks like it ain't broke to me. Both MD5 and SHA-1 are beginning to
> show their age, and there exist attacks that would, in some
> circumstances, allow your TLA of choice to circumvent the protection
> they should offer (most likely by faking signatures). In most
> instances they are still perfectly acceptable ciphers, but I can see
> how one would want to keep away from them.
>
> I know that I've switched to something different for the few cases
> where I make a GnuPG signature, take out MD5 if at all feasible, and
> try to replace SHA-1 where this isn't too inconvenient.
>
> On the other hand, I've not heard of any feasible attacks on
> Blowfish. Which is not to say that Twofish might not be better, but
> it ain't broke. Neither are MD5 or SHA-1, by the way.
>
> All in all, I can think of better things to do...
>
> Joachim