[prev in list] [next in list] [prev in thread] [next in thread] 

List:       linux-crypto
Subject:    Re: a question about ciphers
From:       Sandy Harris <sandy () storm ! ca>
Date:       2001-12-13 16:50:57
[Download RAW message or body]

Jerome Etienne wrote:
> 
> > blowfish is fast and has quite a long track record. I'd use it if it
> > wasn't for the 64bit blocksize. In fact, I do use it ;-)
> > The blocksize isn't an issue if you enrypt only modest volumes of data
> > under a single key (like you should!) Several hundred MB are OK. But
> > don't go beyond 2 or 3 GB.
> 
> what are the detail of the problem with blowfish beyond 2 or 3GB ?

For any cipher, an attacker gets some information whenever two ciphertext
blocks are the same. You want to keep the probability of this low, so you
need to change keys often enough to do that.

A rule of thumb for how often is 2 to the (blocksize/2) blocks. With a
64-bit blocksize (Blowfish, 3DES, CAST, IDEA, ...), keep it well under
2^32 blocks (32 gigs of text). Keeping it under 2 or 3 gigs is more
conservative, likely a good idea.
-
Linux-crypto:  cryptography in and on the Linux system
Archive:       http://mail.nl.linux.org/linux-crypto/

[prev in list] [next in list] [prev in thread] [next in thread]