What 128bit encryption algorithm does ENCRYPT$ use?
Blowfish.
Thanks Gernot, that's just the ticket! :D
Blowfish is very secure, although Twofish is more "modern"
Quote from: Kitty Hello on 2011-May-16
Blowfish.
The standard one that takes from 1-448 bits for key or one key long sized (i.e. to 128-bit)?, this is if it autofills or cuts the code$ param.
I believe its a 128-bit algorithm...
I talk about this:
http://www.firstbackup.com/Product/Features/blowfish.asp (http://www.firstbackup.com/Product/Features/blowfish.asp)
QuoteBlowfish supports key lengths of 32 to 448 bits
Here http://en.wikipedia.org/wiki/Blowfish_%28cipher%29 (http://en.wikipedia.org/wiki/Blowfish_%28cipher%29) says
Quotevariable key length from 1 bit up to 448 bits
But, 1-bit? :blink:
It is a standard to use 128-bit, but it would be good to know how GLBasic uses it, if it uses a fixed or variable length, if is fixed sized then it "fills" or "cuts" our code$ param, so if is fixed to 128-bit, is important to know because to make full use of it we should use a 16 characters length (128/8 bytes per character), but if it is variable then we can use any code$ up to 56 characters long.
Update: Well I think it uses a variable key length form, I have tested it with a 31-long code$, for encrypt and with the same 30-long one (removed the last character) and it can't decrypt, so it is using the full 248-bit of the code$ param to encrypt.
Here's a silly question, if I use two keys to encrypt it twice, does that counts as 256bit? :S
Ah, I see, cool to know, thank you.
There is no effective cryptanalysis on the full-round version of Blowfish known publicly as of 2011, although Twofish is recommended instead...
We used Twofish for part of our CCA encryption until PCI standards moved the goalposts and it wasn't cool anymore. So AES or TDes instead. Although I use OpenSSL (good for MD5 and a boat load of other algorithms) on our Unix machines these days rather than messing about integrating C routines.
Cheers