Jerome Etienne wrote: > > > blowfish is fast and has quite a long track record. I'd use it if it > > wasn't for the 64bit blocksize. In fact, I do use it ;-) > > The blocksize isn't an issue if you enrypt only modest volumes of data > > under a single key (like you should!) Several hundred MB are OK. But > > don't go beyond 2 or 3 GB. > > what are the detail of the problem with blowfish beyond 2 or 3GB ? For any cipher, an attacker gets some information whenever two ciphertext blocks are the same. You want to keep the probability of this low, so you need to change keys often enough to do that. A rule of thumb for how often is 2 to the (blocksize/2) blocks. With a 64-bit blocksize (Blowfish, 3DES, CAST, IDEA, ...), keep it well under 2^32 blocks (32 gigs of text). Keeping it under 2 or 3 gigs is more conservative, likely a good idea. - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/
