From: Erann Gat
Subject: Re: The blowfish encryption algorithm, in CL [CODE]
Date: 
Message-ID: <gat-2606020942540001@192.168.1.50>
In article <··············@gondolin.local.net>, Alain Picard
<·······················@optushome.com.au> wrote:

> ;;;; Blowfish Constants.
> ;;
> ;; These values taken from constants.txt,
> ;; at counterpane.com, in the description of blowfish.
> ;; They're actually the digits of pi, in Hex.
> ;; 

Here's a wizzy piece of code that will allow you to compute these values
instead of having them clutter up your source.  (It's also less
error-prone.)

(defun compute-pi-hex (n &aux (p 0) r)
  (dotimes (i n)
    (incf p (- (/ 4 (+ 1 (* 8 i)))
               (/ 2 (+ 4 (* 8 i)))
               (/ 1 (+ 5 (* 8 i)))
               (/ 1 (+ 6 (* 8 i)))))
    (multiple-value-setq (r p) (truncate p 16))
    (format t "~X" r)
    (if (= (mod i 8) 1) (princ #\space))
    (setf p (* p 16))))

FWIW, here's a decimal pi-computer as well:

(defun compute-pi-decimal (n &aux (p 0) r)
  (dotimes (i n)
    (incf p (/ (- (/ 4 (+ 1 (* 8 i)))
                  (/ 2 (+ 4 (* 8 i)))
                  (/ 1 (+ 5 (* 8 i)))
                  (/ 1 (+ 6 (* 8 i))))
               (expt 16 i))))
  (dotimes (i n)
    (multiple-value-setq (r p) (truncate p 10))
    (format t "~X" r)
    (if (= (mod i 10) 1) (princ #\space))
    (setf p (* p 10))))

E.

From: Alain Picard
Subject: Re: The blowfish encryption algorithm, in CL [CODE]
Date: 
Message-ID: <86n0thno2s.fsf@gondolin.local.net>
···@jpl.nasa.gov (Erann Gat) writes:

> In article <··············@gondolin.local.net>, Alain Picard
> <·······················@optushome.com.au> wrote:
> 
> > ;;;; Blowfish Constants.
> > ;;
> > ;; These values taken from constants.txt,
> > ;; at counterpane.com, in the description of blowfish.
> > ;; They're actually the digits of pi, in Hex.
> > ;; 
> 
> Here's a wizzy piece of code that will allow you to compute these values
> instead of having them clutter up your source.  (It's also less
> error-prone.)
> 
[SNIP]

Thanks, but no thanks. If Bruce Schneier made a mistake in the constants,
at least he and I (and all other implementors in the world) are making
the same mistake.  :-)

Ob. conjecture:  I'm guessing that PI is used to initialize the s-boxes
because there was long standing suspicion in the cryptographic community
that NSA had diddled the s-boxes of DES (presumably to give themselves
a back door).  Bruce probably thought that using PI only gives God a
back door.

Ob lisp:  I've metered my code a bit more, and CMU is > 120X faster 
that Lispworks.  Those kernel:32bit-logical-xor functions sure do
make a difference.  I've been reading the fast modulo exponentiation
thread with interest; there doesn't seem to be an API in LW to do
this 32bit diddling, and even if there were, I suspect all the return
values would still have to be coerced to bignums, sort of defeating the
purpose.  I'm starting to think CMUCL is pretty cool.
From: Erann Gat
Subject: Re: The blowfish encryption algorithm, in CL [CODE]
Date: 
Message-ID: <gat-2706020950020001@192.168.1.50>
In article <··············@gondolin.local.net>, Alain Picard
<·······················@optushome.com.au> wrote:

> ···@jpl.nasa.gov (Erann Gat) writes:
> 
> > In article <··············@gondolin.local.net>, Alain Picard
> > <·······················@optushome.com.au> wrote:
> > 
> > > ;;;; Blowfish Constants.
> > > ;;
> > > ;; These values taken from constants.txt,
> > > ;; at counterpane.com, in the description of blowfish.
> > > ;; They're actually the digits of pi, in Hex.
> > > ;; 
> > 
> > Here's a wizzy piece of code that will allow you to compute these values
> > instead of having them clutter up your source.  (It's also less
> > error-prone.)
> > 
> [SNIP]
> 
> Thanks, but no thanks. If Bruce Schneier made a mistake in the constants,
> at least he and I (and all other implementors in the world) are making
> the same mistake.  :-)

Well, you can check the algorithm against Bruce's constants once to
convince yourself that he got them right, then use the algorithm to
protect yourself against future typos and bit-rot.  But whatever.

E.
From: Espen Vestre
Subject: Re: The blowfish encryption algorithm, in CL [CODE]
Date: 
Message-ID: <kwr8ir6ddq.fsf@merced.netfonds.no>
···@jpl.nasa.gov (Erann Gat) writes:

> > Thanks, but no thanks. If Bruce Schneier made a mistake in the constants,
> > at least he and I (and all other implementors in the world) are making
> > the same mistake.  :-)
> 
> Well, you can check the algorithm against Bruce's constants once to
> convince yourself that he got them right, then use the algorithm to
> protect yourself against future typos and bit-rot.  But whatever.

...but isn't the usage of pi in blowfish pretty random anyway (just
used as a useful non-repeating pattern)?
-- 
  (espen)
From: Espen Vestre
Subject: Re: The blowfish encryption algorithm, in CL [CODE]
Date: 
Message-ID: <kwfzz76ctt.fsf@merced.netfonds.no>
Espen Vestre <·····@*do-not-spam-me*.vestre.net> writes:

> ...but isn't the usage of pi in blowfish pretty random anyway (just
> used as a useful non-repeating pattern)?

Of course it is (*), here's a quote from B. Schneier:

  I chose the digits of pi as the initial subkey table for two
  reasons: because it is a random sequence not related to the
  algorithm, and because it could either be stored as part of the
  algorithm or derived when needed. There is nothing sacred about pi;
  any string of random bits--digits of e, RAND tables, output of a
  random number generator--will suffice.

(http://www.counterpane.com/bfsverlag.html)

(*) I apologize for posting before I had checked my bookmarks.
-- 
  (espen)