encryption/block ciphers


theresa mic-snare

Oct 15, 2015, 3:46:39 AM
to ossec-dev
hi devs,

i had to give a talk yesterday on OSSEC at my university, and one question my professor asked me was why the blowfish cipher was used for encrypted transmission of the log files, instead of the AES cipher.
not that it's any worse, but was there a specific reason to use blowfish?

i've read also that the blowfish cipher is now succeeded by twofish or threefish.

i'm curious :)

thanks,
theresa

dan (ddp)

Oct 15, 2015, 8:30:46 AM
to ossec-dev
These are more than likely questions for Daniel Cid (although Jeremy
might have quizzed him on these things).
It was probably thought of as "good enough" when dcid wrote OSSEC, and
no one who knows enough about crypto has sat down to re-write it.


Michael Starks

Oct 15, 2015, 10:15:56 AM
to osse...@googlegroups.com
I don't think AES was out when OSSEC was first developed, or if it was,
it was very new. Twofish was a contender along with AES, so that was
also probably not considered at the time.

Michael Starks

Oct 15, 2015, 10:22:25 AM
to osse...@googlegroups.com
On 10/15/2015 09:15 AM, Michael Starks wrote:
> I don't think AES was out when OSSEC was first developed, or if it was,
> it was very new. Twofish was a contender along with AES, so that was
> also probably not considered at the time.

Twofish was a contender for the government encryption standard, that is.


theresa mic-snare

Oct 16, 2015, 2:47:17 PM
to ossec-dev
Thanks guys for your answers :)

@Michael: according to Wikipedia AES was first published in 1998 and certified in 2000. I think OSSEC was released sometime in 2006, if I'm not mistaken?!
Blowfish was first published in 1993.

I'm not an expert in encryption algorithms, maybe there was another advantage why Blowfish was used over AES.

dan (ddp)

Oct 16, 2015, 4:07:29 PM
to ossec-dev

Blowfish was popular in the OpenBSD/OpenSSH crowd for a bit. I think dcid was a fan. He's still the ultimate source though :-)

theresa mic-snare

Oct 17, 2015, 4:03:27 AM
to ossec-dev
Ah, great intel, Dan! Thanks for sharing ;)
I just talked to dcid on Twitter and he said this:

> I don't have a good answer for that. The code was written 10+ years ago and blowfish was good enough at the time. If it was to re-do it now, I would probably use aes.

Nathan Buuck

Jul 28, 2017, 9:39:04 PM
to ossec-dev
Apologies if necro'ing older threads is undesirable in this group, but I'm
working to review the project's use of OpenSSL and noticed the presence of the
blowfish implementation. As best as I can tell, blowfish doesn't appear to
actually be used by the project. Searching the master branch, there are no
invocations of BF_encrypt() or BF_cbc_encrypt() in the OSSEC project. Given
this, should we remove the blowfish source from the project?

Victor Fernandez

Jul 29, 2017, 10:35:09 AM
to osse...@googlegroups.com
Hi Nathan,

The Blowfish encryption is still being used for client-agent communication. We could discuss whether to move to AES, but the Blowfish functions are currently necessary in OSSEC and cannot be removed.

Best regards.


Nathan Buuck

Jul 29, 2017, 11:05:54 AM
to ossec-dev
I seem to have missed the call to BF_cbc_encrypt() in OS_BF_Str() in bf_op.c. Sorry for the oversight.