> On Sat, 10 Oct 2020 03:00, Dieter Frye said:
>
>> I've been using Blowfish on older machines for years now without issue
>> and I always wondered if this is one of those things that could possibly
>> benefit from an update.
>
> Nope. I used Blowfish back then because it was the only free and modern
> algorithm. PGP didn't support it. Later, in 1998 we added Twofish and
> had to do a clean room implementation (kudos to Matthew Skala) because
> it was not clear whether the implementation was in the PD or compatible
> with the GPL. I asked Bruce Schneier during this period several times
> on whether he would suggest to use Twofish for OpenPGP and his answer
> depended a bit on his current mood.
>
> Anyway, all this cipher algorithm competition is moot since everyone
> has agreed to use AES; formerly known as Rijndael which may have even been
> preferred over Twofish because of its non-US origin.
>
>
> Salam-Shalom,
>
>    Werner
>
> --
> Thoughts are free. Exceptions are regulated by a federal law.

Interesting.
My current understanding of the situation is that there are no known effective attacks against Blowfish so long as it's adequately implemented according to the suggested specifications and its relatively limited block size accounted for, and I naturally tend to gravitate towards tested-and-tried, reliable things with a more or less impeccable record.

Now if any of this remains true today, I cannot tell (I did the research a number of years ago so it's possible something changed along the way), but even if not, it would still make sense to me to allow for greater (or better yet, full) key size to be utilized, especially for situations when performance is extremely critical and something like Twofish just won't do. Personally I use Twofish on my P4 and Blowfish on all of my P3s.

As for AES, while there doesn't seem to be anything fundamentally wrong with it, the fact that it was pushed so extensively by the powers that be and the fact that it's considerably easier on the hardware (as compared to say, Twofish), makes it a candidate for large-scale, targeted cryptanalysis, so I wouldn't put it past me that the NSA's onto something already.

Best regards.