---- Original message ---- >Date: Fri, 30 Dec 2005 01:27:42 -0800 >From: Chris Cappuccio <[EMAIL PROTECTED]> >Subject: Re: Blowfish still good enough? >To: Travers Buda <[EMAIL PROTECTED]> >Cc: misc@openbsd.org > >Travers Buda [EMAIL PROTECTED] wrote: >> >> My concern is the strength of Blowfish--it's robustness--if someone with >> a large amount of resources desired to crack it. >> > >You mention that twofish is faster than blowfish. So, you would rather >make a brute force password attack easier? >
bingo! this is exactly why blowfish is a good encryption algorithm: it's very strong against brute forcing since attempting each key requires 512 operations to fill the S-boxes. i would be more worried about brute forcing than i would cryptanalytic attacks, perhaps my confidence is misplaced :P. if anybody had a reasonably large quantum computer, all of this would be irrelevant. i sure hope that's not the case! see http://groups.google.com/group/sci.crypt/msg/6f6e157149330057 for an opinion of twofish.
