[openssl-project] Removing assembler for outdated algorithms

Salz, Rich rsalz at akamai.com
Sat Feb 10 22:19:20 UTC 2018

    > Is blowfish actually outdated?  I thought it had some significant use,
    > and don't recall any major weakness...
    In particular, IIRC OpenSSH uses blowfish, and links to OpenSSL for
    the underlying cipher...

PGP use to be a heavy user, but now it only decrypts or does key-wrapping for compatibility; it no longer uses blowfish to encrypt data.

SSH uses it, but according to https://bbs.archlinux.org/viewtopic.php?id=188613 it has been removed, circa 2014.
Schneier recommends not using it, and use its successor(s) instead, which we don't implement.

More information about the openssl-project mailing list