PDA

View Full Version : relative strength of encryption algorithms (blowfish, des, rinjdael...)



duck-billed platypus
12-30-2001, 03:46 PM
While I was researching information on strong encrytion alogrithms, I kept reading people saying that one algorithm was "stronger" than another. But it seems to me that there is no way to compare algorithms in terms of strength beyond the ability to stand up against know attacks.

From what Ive read, the only way to crack blowfish, des, rinjdael and the other 'strong' algorithms is through a brute force attack. And the ability for an algorithm to withstand a brute force attack has nothing to do with the algorithm itself, but the length of the key. So, it seems obvious to me that comparing relative 'strength' of the 'strong' algorithms is pointless because it all depends on the length of the key, which can be extended to any length desired using any algorithm by doing multiple passes with different segments of the key.

doubleanti
12-30-2001, 04:06 PM
>'strength' of the 'strong'

hmm... aside from the length of the key [ignoring time constraints as well] the design of the algorithm does have a lot to do with the strength of the algorithm... fundamentally your ideas are correct in that all known attacks have failed, but in doing so they strength their attacks... it's like an arms race... so perhaps it's not that fundamentally simple...

did you have any specific questions? or was this a discussion on the matter of the source of strength in cryptology algorithms?

Salem
12-30-2001, 04:12 PM
For general information, try
http://www.google.com/search?q=encryption+faq

For information on the relative cost of key lengths,
http://www.google.com/search?q=cryptographic+key+strength

duck-billed-platypus
12-30-2001, 04:20 PM
no question really, its just that I just make a file encryption scheme and I used blowfish. While i was coding the think I ran into some problems with the blowfish algorithm that i though could weaken the security of the encrypted data, and I was wondering should I just switch to one of the newer algorithms. But then I though that it really doesnt matter as long as your algorithm stands up to know attacks and has a long key, I just wanted to know was my reasoning correct or did I overlook something.