[212] in cryptography@c2.net mail archive
Re: blowfish keylength
daemon@ATHENA.MIT.EDU (Mark Armbrust)
Wed Feb 12 01:43:17 1997
Date: Tue, 11 Feb 1997 17:26:14 -0700
To: cryptography@c2.net
From: Mark Armbrust <marka@ff.com>
At 02:25 AM 2/8/97 +0100, Niels Provos <provos@ws1.physnet.uni-hamburg.de>
wrote:
>Hi!
>
>Schneier states in Applied Cryptography that the keylength for Blowfish is
>limited to a maximum of 56 bytes.
>The key is used to initalize 18 32bit Subkeys which are preinitalized with
>the hexadecimal digits of Pi. The key is xored subsequently, when you
>reach the keylength you start again from the beginning.
>
>When you take 56 bytes as maximum. The subkeys P1-P4 and P15-P18
>are xored with the same keystream.
>
>Obviously you could also use 16 bytes more and xor those to P15-P18.
>
>Schneier also states that weak keys are those which leave S-boxes with two
>identical values in them. He says that case is unlikely to happen.
>
>Are there any reasons to use 56 bytes as max key length instead of 72 ?
>From Schneier's paper "Description of a New Variable-Length Key, 64-Bit
Block Cipher (Blowfish)"
The 448 limit on the key size ensures that the every bit of every
subkey depends on every bit of the key. (Note that every bit of P15,
P16, P17, and P18 does not affect every bit of the ciphertext, and
that any S-box entry only has a .06 probability of affecting any
single ciphertext block.)
If you want it, you can get the entire paper from www.counterpane.com.
--------------------------------------------------------------------------
| Mark Armbrust | Internet: marka@ff.com (preferred) |
| Forefront, Inc. | Compuserve: 74777,2132 |
| 4710 Table Mesa Drive, Suite B | Voice: 303-499-9181 ext. 113 |
| Boulder, CO 80303-5541, USA | Fax: 303-494-5446 |
--------------------------------------------------------------------------
