[PYTHON-CRYPTO] amkCrypto: Cipher decrypt(string) output

Andrew Archibald aarchiba at YAHOO.COM
Wed Mar 28 22:38:04 CEST 2001


On Wed, Mar 28, 2001 at 08:19:04PM -0000, Jason R. Mastaler wrote:
> Andrew Archibald <aarchiba at YAHOO.COM> writes:
>
> > if creating new Blowfish objects is too expensive.  If it's not, you
> > should be using triple DES, which will be faster and more secure (if
> > perhaps not as sexy[1]) than constantly re-keying Blowfish.
>
> I'm a bit confused by what you are saying here.  I don't mind creating
> a new blowfish object to decrypt a piece of ciphertext, but it
> seems that to do this I must use both the same key and the same IV
> that were used to produce that ciphertext.  Is this correct?

Yes.  In CBC mode, you need both key and IV to decrypt the message.
However, the IV can safely be sent along with the message.  It should be
unique, so that the same message will encrypt to different things, but it
does not need to be secret.  Read Applied Cryptography, or if you have more
patience and less money, see the Handbook of Applied Cryptography, which is
available on-line.

> Secondly, why exactly is using triple DES any better than blowfish?
> Does not DES3 require re-keying as well?

3DES also requires re-keying.  The difference is that Blowfish has a very
expensive key schedule --- something like 5k of subkeys need to be set up,
which involves doing many Blowfish encryptions, every time you create a new
state.  (This needs to be done when you change the key, but it's an API
limitation that requires you to do it when you want to reset, e.g., the
cipher state).  So re-keying 3DES will be quicker, and 3DES is more secure,
having had many many years of essentially unsuccessful cryptanalysis.

Andrew
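As an added illustration of the CBC point made above (this is example code, not code from the thread or from amkCrypto): the IV is generated fresh for each message, sent in the clear in front of the ciphertext, and recovered by the receiver, who needs only the key as a secret. The 64-bit block cipher underneath is a hypothetical stand-in (a Feistel network over HMAC-SHA256) so that the example runs with the Python standard library alone; it is not Blowfish and is only there to make the mode visible.

```python
import hashlib, hmac, os

BLOCK = 8  # 64-bit blocks, the same block size Blowfish uses

def feistel_block(key, block, decrypt=False):
    """Stand-in 64-bit block cipher (4-round Feistel, HMAC-SHA256 round
    function), hypothetical and standard-library only; it is NOT Blowfish."""
    left, right = block[:4], block[4:]
    rounds = range(4)
    if decrypt:  # invert: swap halves, run rounds backwards, swap back
        left, right = right, left
        rounds = reversed(rounds)
    for r in rounds:
        f = hmac.new(key, bytes([r]) + right, hashlib.sha256).digest()[:4]
        left, right = right, bytes(a ^ b for a, b in zip(left, f))
    if decrypt:
        left, right = right, left
    return left + right

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def cbc_encrypt(key, plaintext, iv=None):
    """Fresh CBC state for one message.  The IV is unique per message
    (random unless supplied) and travels in the clear, prepended."""
    iv = iv if iv is not None else os.urandom(BLOCK)
    n = BLOCK - len(plaintext) % BLOCK          # PKCS#7-style padding
    padded = plaintext + bytes([n]) * n
    prev, blocks = iv, []
    for i in range(0, len(padded), BLOCK):
        prev = feistel_block(key, xor(padded[i:i + BLOCK], prev))
        blocks.append(prev)
    return iv + b"".join(blocks)

def cbc_decrypt(key, message):
    """Split the IV off the front of the message; only the key is secret."""
    iv, ct = message[:BLOCK], message[BLOCK:]
    if not ct or len(ct) % BLOCK:
        raise ValueError("ciphertext is not a whole number of blocks")
    prev, out = iv, []
    for i in range(0, len(ct), BLOCK):
        blk = ct[i:i + BLOCK]
        out.append(xor(feistel_block(key, blk, decrypt=True), prev))
        prev = blk
    plain = b"".join(out)
    n = plain[-1]
    if not 1 <= n <= BLOCK or plain[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return plain[:-n]
```

Encrypting the same plaintext under two different IVs gives two different ciphertexts, and decrypting with the wrong IV garbles the first block while the rest still decrypts, which is why the IV must be unique but need not be secret.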