[BBLISA] 3des vs blowfish for ssh?

David Allan dave at dpallan.com
Wed Jan 12 16:48:11 EST 2005


Blowfish is Bruce Schneier's algorithm which is explicitly not patented;
IDEA is patented.  I think in practical terms, both 3DES and Blowfish are
secure;  it's far easier to penetrate a system by other means than
decrypting either.  Schneier's book Applied Cryptography is a good
resource for this sort of thing, and my guess is that he'd be the first to
admit it if his algorithm had problems.

Dave


On Wed, 12 Jan 2005, Dean Anderson wrote:

> I don't think we have any genuine encryption experts, so its hard to say
> which is really better.  3des is still used by banks.  If I recall,
> Blowfish (or perhaps its IDEA or both) is patented.  Although, now that
> you bring up the point, it is kind of funny that AES isn't in the list for
> ssh....
>
> I can almost see DES decryptions not being too much work. I have the DES
> cracker book, and using current generation FPGA, its probably a lot
> cheaper than the $200K claimed of many years ago. By contrast, 3DES is
> quite a bit harder to crack, and has 168 bits of key, and effectively 48
> rounds instead of 16 rounds.
>
> If someone is breaking 3des, "you don't need to know". ;-)
>
> Some things still use DES, like AFS.
>
> 		--Dean
>
> On Wed, 12 Jan 2005, Scott Ehrlich wrote:
>
> > Hello to all:
> >
> > When using ssh, which encryption method is considered more secure - 3des
> > or blowfish?   I've always used 3des.
> >
> > Thanks for educating me.
> >
> > Scott
> >
> > _______________________________________________
> > bblisa mailing list
> > bblisa at bblisa.org
> > http://www.bblisa.org/mailman/listinfo/bblisa
> >
> >
>
> --
> Av8 Internet   Prepared to pay a premium for better service?
> www.av8.net         faster, more reliable, better service
> 617 344 9000
>
>
> _______________________________________________
> bblisa mailing list
> bblisa at bblisa.org
> http://www.bblisa.org/mailman/listinfo/bblisa
>
>




More information about the bblisa mailing list