Faramir wrote: > Maybe he said both things, my source was wikipedia, but they provided > a link to the interview where he said that:
Add this to the list of things Wikipedia has screwed up. Schneier has repeatedly advocated for AES. Go read his _Practical Cryptography_ and see what he says about Twofish, and see what he says about AES. I give a lot more weight to his professional writing than an interview with a journalist -- who knows what got edited out? Schneier may have, in that interview, meant to say "if people really like Blowfish, I recommend they look at Twofish, but really, there's no reason not to use AES." He could have misspoken; he could have been quoted out of context. All that can really be said is that such a sentiment is totally at odds with what he's said in other venues. > And according to Wikipedia, the only known way to break the full 16 > rounds implementation is brueforce... it seems the only one who > recommends to move is its author... No, a lot of people recommend moving to AES. If you were to ask me "so, what algorithm should I use?", I'd tell you the two reasonable choices were 3DES and AES. I like Blowfish. That's an emotional reaction to an algorithm. The fact I like Blowfish is totally irrational; really, I ought to use AES or 3DES. In fact, the rational part of me says Blowfish really ought to be dropped from OpenPGP implementations entirely, along with Twofish, and CAST5 ought to be considered legacy support and read-only. But I still like Blowfish. What can I say? I'm a human being. I'm allowed to occasionally be sentimental. Just don't mistake sentimentality for sound reasoning. _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
