New collision attacks against triple-DES, Blowfish break HTTPS sessions

Discussion in 'privacy technology' started by ronjor, Aug 25, 2016.

  1. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,719
    Location:
    Texas
    By Fahmida Y. Rashid InfoWorld | Aug 25, 2016 5:35 AM PT

     
  2. Gullible Jones

    Gullible Jones Registered Member

    Joined:
    May 16, 2013
    Posts:
    1,459
    Thank you for posting this, @ronjor.

    IIRC Bruce Schneier had been advising against the continued use of Blowfish as a for quite a while. [Edit: at least since 2007 according to an article cited on Wikipedia.]

    The algorithm had quite some longevity, when you consider it was developed in 1993. (Check out the CPU and GPU specs on SGI workstations from that period, and compare vs. Android phones from a few years ago.) A testament to Schneier's skill, I think.
     
  3. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,719
    Location:
    Texas
    He should know alright.
     
Loading...