Posted Apr 3, 2012 2:05 UTC (Tue) by jzbiciak (✭ supporter ✭, #5246)
Blowfish has key-dependent S-boxes. This makes it much harder to optimize.
OpenOffice and document encryption portability
Posted Apr 3, 2012 2:14 UTC (Tue) by BradD (subscriber, #83895)
Doesn't that make brute-force more time consuming too -- potentially a good thing?
OpenOffice and document encryption portability
Posted Apr 3, 2012 3:49 UTC (Tue) by jzbiciak (✭ supporter ✭, #5246)
I wouldn't argue against that. It seems like in general it would offer more security as long as you could also prove there were no categorically bad S-boxes. (I believe that to be true for Blowfish, but I'm no cryptographer.)
In the original context of "bitslice optimizing an encryption algorithm," though, it appears Blowfish does not lend itself to this technique with a generic loop kernel. You might have to dynamically generate a kernel based on the specific S-boxes.
And, of course, bitslice algorithms can't help you at all with modes like cipher block chaining (CBC) or cipher feedback mode (CFB), where one encrypted block feeds into the next. Am I dreaming, or did Schneier also develop a tree-like structure for chaining that sought to keep the security but also allowed for more parallelism than CBC or CFB?
OpenOffice and document encryption portability
Posted Apr 3, 2012 4:07 UTC (Tue) by BradD (subscriber, #83895)
I believe Schneier mentioned interleaved cipher block chaining or the ideas behind it, but I don't think they are part of Blowfish.
OpenOffice and document encryption portability
Posted Apr 3, 2012 5:09 UTC (Tue) by jzbiciak (✭ supporter ✭, #5246)
I wasn't saying it was part of Blowfish or even its follow-on, Twofish; rather I was just remembering that somebody (possibly Schneier) also tried to address the parallelism question of chaining modes at some point.
In other interesting news, while trying to research the topic of interleaved chaining modes further on Google, I discovered it has already updated its index to include your reply above in this thread.
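The chaining-mode point discussed in the thread above, as an added example that is not part of any poster's comment: ordinary CBC forces serial encryption, while interleaved CBC (taken here to mean block i chained to ciphertext block i - k) splits into k independent chains. The 8-round Feistel cipher is a toy stand-in, not Blowfish, and every name, key and IV below is constructed for illustration.

```python
import hashlib
BLOCK = 8  # bytes; 64-bit blocks, the same size Blowfish uses

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _f(key, rnd, half):
    # Round function of a toy Feistel cipher: a stand-in, NOT Blowfish, not secure.
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:BLOCK // 2]

def toy_encrypt_block(key, block):
    l, r = block[:4], block[4:]
    for rnd in range(8):
        l, r = r, _xor(l, _f(key, rnd, r))
    return l + r

def toy_decrypt_block(key, block):
    l, r = block[:4], block[4:]
    for rnd in reversed(range(8)):
        l, r = _xor(r, _f(key, rnd, l)), l
    return l + r

def interleaved_cbc_encrypt(key, ivs, blocks):
    # Block i is chained to ciphertext block i - k, where k = len(ivs).
    # k = 1 is ordinary CBC; k > 1 gives k chains that never touch each other.
    k, out = len(ivs), []
    for i, p in enumerate(blocks):
        prev = ivs[i] if i < k else out[i - k]
        out.append(toy_encrypt_block(key, _xor(p, prev)))
    return out

def interleaved_cbc_decrypt(key, ivs, blocks):
    k = len(ivs)
    return [_xor(toy_decrypt_block(key, c), ivs[i] if i < k else blocks[i - k])
            for i, c in enumerate(blocks)]

def encrypt_by_lanes(key, ivs, blocks):
    # Same ciphertext computed lane by lane: each lane is plain CBC over every
    # k-th block, so the lanes could run on separate cores or SIMD slots.
    k, out = len(ivs), [None] * len(blocks)
    for j in range(k):
        out[j::k] = interleaved_cbc_encrypt(key, [ivs[j]], blocks[j::k])
    return out

def changed_blocks(a, b):
    return [i for i, (x, y) in enumerate(zip(a, b)) if x != y]

# Constructed sample data (real IVs must be unpredictable, not a pattern like this).
KEY = b"constructed demo key"
IVS = [bytes([0xA0 + j]) * BLOCK for j in range(4)]
BLOCKS = [bytes([i]) * BLOCK for i in range(12)]
```

With four lanes, altering plaintext block 0 changes only ciphertext blocks 0, 4 and 8; with a single IV (ordinary CBC) the same alteration changes every block from 0 onward.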