Why is Blowfish's key size limited to 128 bits in RFC 4880?

Werner Koch wk at gnupg.org
Sun Oct 11 17:40:47 CEST 2020

On Sat, 10 Oct 2020 03:00, Dieter Frye said:

> I've been using Blowfish on older machines for years now without issue and
> I always wondered if this is one of those things that could possibly
> benefit from an update.

Nope.  I used Blowfish back then because it was the only free and modern
algorithm.  PGP didn't support it.  Later, in 1998 we added Twofish and
had to do a clean room implementation (kudos to Matthew Skala) because
it was not clear whether the implementaion was in the PD or compatible
with the GPL.  I asked Bruce Schneier during this period several times
on whether he would suggest to use Twofish for OpenPGP and his answer
depended a bit on his current mood.

Anyway, all these cipher algorithm competition is mood since everyone
has agreed to use AES; formerly known Rijndael which may have even been
preferred over Twofish because of its non-US origin.



Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 227 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20201011/f1f3ec1d/attachment.sig>

More information about the Gnupg-users mailing list