[ILUG] Re: [ILUG][OT] excryption (was: ALERT: EU storing all net traffic)

[Enda]

> > > But since you have brought it up, the GPG ciphers, why didn't they
> > > include XOR encoding, its as strong as Blowfish.
> >
> > I assume you're aiming to avoid being taken seriously.
>
> Well, XOR encoding is arguably one of the most secure and efficient
> _algorithms_ for encrypting data. Assuming that the plain text is being
> XOR'ed with a suitably large random data set. So I would say Enda is
right -
> up to a point.

Actually the point I was trying to make was that Blowfish encryption is next
to useless (if your looking for security and not an decoding barrier for
"eve"), and was hoping to open some minds out there on the topic. After
another 60 hours straight at the machine, the point was probably not made
very well. Another off-list post made a point that RSA didnt support 128bit
key sizes, yeah again sloppiness on my part, should have referred to browser
SSL, which of course would be RC4 MD5 / SHA-1 as made by RSA or one of the
other four or so interop alternatives.

All linux communities have an abundance of people who would describe
themselves as hackers and security pros, crackers too. What has always
amazed me with the linux communities is the inherent trust that is placed in
the Blowfish encryption algorithm, mainly because the author of the
algorithm comes from that self same community and is widely regarded as "one
of us", and rightly so too.

However endorsement of this algorithm by the linux community and by tools
such as gpg is wrong, especially in light of the fact that the author has
publically denounced the security value of the algorithm, and outlined in
hard back print (ISBN 0-471-35381-7 i think..) cryptanalysis that shows
blowfish failure.

 -Enda