Why is Blowfish's key size limited to 128 bits in RFC 4880?
Robert J. Hansen
rjh at sixdemonbag.org
Sat Oct 10 11:42:17 CEST 2020
> What's the rationale behind not going full 448 or at least 256 like
> AES and Twofish?
Age. At the time Blowfish was adopted there were literally no 256-bit
ciphers in the RFC2440 suite. Symmetric ciphers were all 128-bit
(except arguably for 3DES, where the size is wonky[*]). The first
256-bit cipher to be added was Twofish in mid-2000 in PGP 7, followed
soon by AES in PGP 7.1.
[*] 3DES can credibly be claimed to have a 192-bit key, a 168-bit key,
or a 112-bit key, depending on how the speaker defines "key".
More information about the Gnupg-users
mailing list