Comment 7 for bug 695417

Darsey Litzenberger (dlitz) wrote :

Here's my take on it: Blowfish, as published by Schneier and as analysed by
academic cryptologists, supports keys up to 448 bits. Schneier has given a
specific reason for that. If you somehow manage to exploit a bug in the
reference implementation to use 72-byte keys, then you're not actually using
Blowfish; you're using something else---let's call it "576fish".

The job of Crypto.Cipher.Blowfish is to implement Blowfish, so adding support
for 576fish is beyond the scope of that module. (The AES module works the
same way---it only supports the 128-bit block size specified in the AES
standard, even though Rijndael supports larger block sizes.) I might be
persuaded to add a 576fish module, but of course I would use the same criteria
that I use for other requests to add additional ciphers to PyCrypto, such as:

    - significant use in widely-deployed protocols and/or FOSS; and
    - withstanding analysis by academic cryptanalysts.

At this time, I'm not aware of any widespread use of 576fish, nor any academic
cryptanalysis effort against 576fish.

Sorry, Eric, but my advice is that you re-key your database. You should have
a process to do that anyway, in case your keys are compromised without your
knowledge, or in case the algorithm is broken. I would suggest phasing out
576fish and replacing it with something like AES-256, while you are at it.

Regards,
- Dwayne
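
An added illustration, not part of the comment above and not PyCrypto code: a model of the first step of the Blowfish key schedule, where key bytes are XORed cyclically into the 18-word P-array, showing which bytes of an over-long key are mixed only into the last four subkeys. Schneier's Blowfish paper gives the limited influence of those four subkeys on the ciphertext as the reason for the 448-bit limit; the function names and the 72-byte cap are assumptions of this sketch.

```python
"""Which Blowfish subkeys (P-array words) is each key byte XORed into?"""

P_WORDS = 18                  # Blowfish P-array: 18 subkeys of 32 bits each
WORD_BYTES = 4
SPEC_MIN, SPEC_MAX = 4, 56    # published key range: 32..448 bits
TAIL_START = 14               # P15..P18 (0-based 14..17), the last four subkeys


def p_words_per_key_byte(key_len):
    """Map each key byte index to the set of P-array words it is XORed into.

    The key schedule walks the 72 bytes of the P-array once, taking key
    bytes cyclically, so stream position p uses key byte p % key_len.
    """
    if not 1 <= key_len <= P_WORDS * WORD_BYTES:
        raise ValueError("key_len must be 1..72 for this model")
    touched = [set() for _ in range(key_len)]
    for pos in range(P_WORDS * WORD_BYTES):
        touched[pos % key_len].add(pos // WORD_BYTES)
    return touched


def tail_only_bytes(key_len):
    """Key bytes that are mixed only into the last four P-array words."""
    return [i for i, words in enumerate(p_words_per_key_byte(key_len))
            if min(words) >= TAIL_START]


def in_spec(key):
    """True if the key length is one the Blowfish specification defines."""
    return SPEC_MIN <= len(key) <= SPEC_MAX


if __name__ == "__main__":
    # Constructed key lengths: two in-spec, two beyond the 448-bit limit.
    for n in (16, 56, 57, 72):
        odd = tail_only_bytes(n)
        print(f"{n:2d}-byte key: {len(odd)} byte(s) reach only P15..P18")
```

A check like `in_spec` is also a quick way to inventory which stored records were encrypted under out-of-spec keys before re-keying.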