[plug] Encryption algorithms

Christian christian at global.net.au
Sat Nov 13 09:53:15 WST 1999


Beau Kuiper wrote:
> 
> Hi all,
> 
> I am playing with encryption/decryption stuff. I am wondering does anyone know
> about this and can anyone tell me how good the CAST-128 algorithm is (there is
> an RFC that describes it saying it is quite good).

I'm no expert on cryptography and I don't really know very much about
CAST-128 but I'll toss in my 2c anyway. :)  Basically, depending on
exactly what you want to do with it there are probably better choices. 
I don't think CAST-128 would have been cryptanalysed as much as
something like IDEA or Blowfish and certainly nowhere near as much as
DES.  As I said, depending on exactly what you want to do with it, the
following would probably be my choice:

1. 3DES:  The major weakness with DES being the short keylength mandated
(56 bits).  If you use 3DES (Triple DES) the effective keylength
supposedly goes up to around 112-bits which should certainly be enough
for now.  The major advantage of this algorithm is that DES has probably
been examined by more cryptanalysts than any other algorithm so the
probability that a weakness will be discovered is unlikely.

2. Blowfish:  Pretty popular algorithm due to its free nature and the
fame of its inventor (Bruce Schneier).  The advantages of it are this,
the fact that it has been cryptanalysed a fair bit and also the variable
key length (32 to 448 bits).  It's also pretty fast.  There have been
some weaknesses found in Blowfish but they're generally fairly minor I
think.  You could also possibly try Twofish which is Schneier's
candidate for the new AES (Advanced Encryption Standard) to replace DES.

3. IDEA:  Generally regarded as quite a good algorithm but has patent
problems.  Bear in mind that if you use this then it limits the "free"
nature of your program.  I think the most recent "license" for using
their patent is that it's free for non-commercial use.  So this means if
you were to GPL or BSD license your program, it would have this
unfortunate constraint on it.

Of course, it really depends on the purpose you need the encryption
for...

> I plan to be adding security commands/features to an ftp server I have
> programmed.

Really?  That sounds interesting... how do these new (non-standard
*cough*) security features work?  Let me know how it goes...

Regards,

Christian.

-- 
Portability is for people who cannot write new programs.
				- Linus Torvalds, jokingly, on Linux's
				  perceived non-portable design in 1992
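
Added example (not part of the original post): the reply's figure of about 112 effective bits for 3DES, rather than the 168 bits of three 56-bit keys, follows from the standard meet-in-the-middle argument, sketched here on a toy cipher. The Feistel cipher, its 8-bit keys and all function names are constructed for this illustration and are not DES; with three 8-bit keys the search costs about 2^16 steps instead of 2^24.

```python
KEY_BITS = 8          # toy key size (assumption); DES uses 56-bit keys
MASK16 = 0xFFFF

def _f(half, key, rnd):
    # Toy round function, constructed for this example; no security claimed.
    x = (half ^ (key * 0x0101) ^ (rnd * 0x3A5C)) & MASK16
    x = (x * 0x9E37 + 0x7F4A) & MASK16
    return x ^ (x >> 7)

def encrypt(block, key):
    # 4-round Feistel network on a 32-bit block.
    l, r = block >> 16, block & MASK16
    for rnd in range(4):
        l, r = r, l ^ _f(r, key, rnd)
    return (l << 16) | r

def decrypt(block, key):
    l, r = block >> 16, block & MASK16
    for rnd in reversed(range(4)):
        l, r = r ^ _f(l, key, rnd), l
    return (l << 16) | r

def triple_encrypt(block, k1, k2, k3):
    # Encrypt-decrypt-encrypt with three independent keys, as in 3DES.
    return encrypt(decrypt(encrypt(block, k1), k2), k3)

def meet_in_the_middle(pairs):
    """Return (candidate key triples, cipher steps) from known (plain, cipher) pairs."""
    (p0, c0), rest = pairs[0], pairs[1:]
    n = 1 << KEY_BITS
    # Backward half: undo the last stage for every k3 (2^KEY_BITS steps).
    table = {}
    for k3 in range(n):
        table.setdefault(decrypt(c0, k3), []).append(k3)
    # Forward half: run the first two stages for every (k1, k2) pair.
    found, work = [], n
    for k1 in range(n):
        mid = encrypt(p0, k1)
        for k2 in range(n):
            work += 1
            for k3 in table.get(decrypt(mid, k2), ()):
                # Extra known pairs weed out chance matches in the middle.
                if all(triple_encrypt(p, k1, k2, k3) == c for p, c in rest):
                    found.append((k1, k2, k3))
    return found, work

if __name__ == "__main__":
    secret = (0x3C, 0xA7, 0x51)                    # constructed sample keys
    plains = [0x01234567, 0x89ABCDEF, 0x0BADF00D]  # constructed sample blocks
    found, work = meet_in_the_middle([(p, triple_encrypt(p, *secret)) for p in plains])
    print(secret in found, work, "steps vs", 1 << (3 * KEY_BITS), "for brute force")
```

Scaling the same trade-off to 56-bit keys gives roughly 2^112 steps against a 168-bit key, which is why the longer key does not buy the full 168 bits.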

