ENCRYPT$ quick question

[bigsofty]

What 128bit encryption algorithm does ENCRYPT$ use?

[Kitty Hello]

Blowfish.

[bigsofty]

Thanks Gernot, that's just the ticket!

[MrTAToad]

Blowfish is very secure, although Twofish is more "modern"

[Dark Schneider]

Blowfish.

The standard one that takes from 1-448 bits for key or one key long sized (i.e. to 128-bit)?, this is if it autofills or cuts the code$ param.

[MrTAToad]

I believe its a 128-bit algorithm...

[Dark Schneider]

I talk about this:
http://www.firstbackup.com/Product/Features/blowfish.asp

Blowfish supports key lengths of 32 to 448 bits

Here http://en.wikipedia.org/wiki/Blowfish_%28cipher%29 says

variable key length from 1 bit up to 448 bits

But, 1-bit? 

It is a standard to use 128-bit, but it would be good to know how GLBasic uses it, if it uses a fixed or variable length, if is fixed sized then it "fills" or "cuts" our code$ param, so if is fixed to 128-bit, is important to know because to make full use of it we should use a 16 characters length (128/8 bytes per character), but if it is variable then we can use any code$ up to 56 characters long.

Update: Well I think it uses a variable key length form, I have tested it with a 31-long code$, for encrypt and with the same 30-long one (removed the last character) and it can't decrypt, so it is using the full 248-bit of the code$ param to encrypt.

[bigsofty]

Here's a silly question, if I use two keys to encrypt it twice, does that counts as 256bit? 

[bigsofty]

Ah, I see, cool to know, thank you.

[MrTAToad]

There is no effective cryptanalysis on the full-round version of Blowfish known publicly as of 2011, although Twofish is recommended instead...

[Crivens]

We used Twofish for part of our CCA encryption until PCI standards moved the goalposts and it wasn't cool anymore. So AES or TDes instead. Although I use OpenSSL (good for MD5 and a boat load of other algorithms) on our Unix machines these days rather than messing about integrating C routines.

Cheers