Page 1 of 1

Which type of encryption?

Posted: Wed Nov 09, 2005 5:43 pm
by Sequalit
Which type of encryption would be better to use?

Blowfish or SHA256?

Posted: Wed Nov 09, 2005 5:50 pm
by feyd
s.h.a. :)


but maybe I'm biased! :D

Re: Which type of encryption?

Posted: Wed Nov 09, 2005 7:24 pm
by Roja
Sequalit wrote:Which type of encryption would be better to use?

Blowfish or SHA256?
The strength of SHA has been tested longer, and has been attacked (unsuccessfully) more often. The successful attacks against SHA have only reduced the relative strength overall, not compromised ("Broken"), the core elements of the algorithm.

Blowfish, by way of comparison is relatively new, has had fewer formal analyses performed on it, and uses an unrelated algorithm.

Traditionally, cryptographers would weight SHA256 as more secure, based on those criteria.

But since we don't *know* the true strengths and weaknesses of either to a provable point, its a judgement call at best.

Re: Which type of encryption?

Posted: Wed Nov 09, 2005 7:31 pm
by Chris Corbyn
Roja wrote:
Sequalit wrote:Which type of encryption would be better to use?

Blowfish or SHA256?
The strength of SHA has been tested longer, and has been attacked (unsuccessfully) more often. The successful attacks against SHA have only reduced the relative strength overall, not compromised ("Broken"), the core elements of the algorithm.

Blowfish, by way of comparison is relatively new, has had fewer formal analyses performed on it, and uses an unrelated algorithm.

Traditionally, cryptographers would weight SHA256 as more secure, based on those criteria.

But since we don't *know* the true strengths and weaknesses of either to a provable point, its a judgement call at best.
How long has SHA256 been around for? I'm sure Blowfish was around a good 3 years back.... unless I'm getting muddled with something else :?

(Maybe I should learn to use Google :P )

Re: Which type of encryption?

Posted: Wed Nov 09, 2005 7:51 pm
by Roja
d11wtq wrote: How long has SHA256 been around for? I'm sure Blowfish was around a good 3 years back.... unless I'm getting muddled with something else :?

(Maybe I should learn to use Google :P )
Well, thats a tricky phrasing. The better question is when did SHA get introduced. SHA-256 is just a larger bitsize variation of the original algorithm.

I'll leave it to wikipedia to answer both:
Wikipedia wrote:The SHA algorithms were designed by the National Security Agency (NSA) and published as a US government standard.

The first member of the family, published in 1993, is officially called SHA; however, it is often called SHA-0 to avoid confusion with its successors. Two years later, SHA-1, the first successor to SHA, was published. Four more variants have since been issued with increased output ranges and a slightly different design: SHA-224, SHA-256, SHA-384, and SHA-512 — sometimes collectively referred to as SHA-2.

Attacks have been found for both SHA-0 and SHA-1, while no attacks have been reported on the SHA-2 variants.
Wikipedia wrote:Blowfish is a keyed, symmetric block cipher, designed in 1993 by Bruce Schneier and included in a large number of cipher suites and encryption products. While no effective cryptanalysis of Blowfish has been found to date, more attention is now given to block ciphers with a larger block size, such as AES or Twofish.

Schneier designed Blowfish as a general-purpose algorithm, intended as a replacement for the aging DES and free of the problems associated with other algorithms. At the time, many other designs were proprietary, encumbered by patents or kept as government secrets. Schneier has stated that, "Blowfish is unpatented, and will remain so in all countries. The algorithm is hereby placed in the public domain, and can be freely used by anyone."
As you can see, I was mistaken, and they both came out in the same year.

I return to my previous statement of "its a judgement call at best".