Christian Weisgerber wrote:
Over on source-changes, Kevin Chadwick <ma1l1i...@yahoo.co.uk> wrote:
I don't disagree with using AES-128 as default on a possibly busy mail server. I was just wondering why the word obsolete was used and if it was simply because twofish and AES are faster.
(careful, you trimmed out where he mentioned blowfish, and I was thinking you misread it, since you left in him mentioning twofish...)
Blowfish is older, not standardized, and hasn't received the attention from the cryptographic community that AES has. Blowfish was interesting back when 3DES was the standard, but everybody has moved on.
Blowfish isn't standardized? Not being chosen as a standard doesn't mean that everyone is using an incompatible version of something. Have I been missing all the rogue versions of blowfish encryption all this time?
And I'm fairly certain blowfish did get a lot of attention. And since bcrypt is reasonably popular, I'd imagine blowfish *still* gets attention from the cryptographic community.
And AES-128 (and only that flavor of AES, so far) has a crack making decrypting it significantly quicker. And I don't see any cracks of the full-round version of blowfish used.
Speedwise, Blowfish and AES are similar, but AES is more the focus of optimized implementations and can benefit from AES-NI hardware acceleration.
My understanding is that actually, blowfish is significantly slower. Mainly because of the setup required for each new key. I seem to recall that was part of why blowfish didn't become AES.
--Kurt
