Can you clarify when data compression is used?

David Shaw dshaw at
Sun Feb 10 15:32:27 CET 2008

On Sat, Feb 09, 2008 at 11:29:08PM -0600, Kevin Hilton wrote:
> >Twofish is almost entirely abandoned nowadays, but it still exists in
> >PGP and GnuPG.  Once a bad decision is made in engineering, the
> >engineers are stuck supporting it forever.
> Is this statement really true or just opinion?  Bruce Schneier is one
> of my favorite cryptoanalysts.

It's basically true, at least in the context of OpenPGP.  Note that
the statement doesn't say that Twofish is insecure.  It's just that
when AES came along, it eclipsed many/most of the ciphers with similar

>From the perspective of the researcher who wants to attack a cipher,
they'll attack AES because lots of people use it.  From the
perspective of the user of crypto, they'll use AES because of all the
research on it.  Repeat this cycle enough times, and you can see why
Twofish isn't used much.


More information about the Gnupg-users mailing list