[openssl-project] Removing assembler for outdated algorithms
Salz, Rich
rsalz at akamai.com
Sat Feb 10 22:19:20 UTC 2018
> Is blowfish actually outdated? I thought it had some significant use,
> and don't recall any major weakness...
In particular, IIRC OpenSSH uses blowfish, and links to OpenSSL for
the underlying cipher...
PGP use to be a heavy user, but now it only decrypts or does key-wrapping for compatibility; it no longer uses blowfish to encrypt data.
SSH uses it, but according to https://bbs.archlinux.org/viewtopic.php?id=188613 it has been removed, circa 2014.
Schneier recommends not using it, and use its successor(s) instead, which we don't implement.
More information about the openssl-project
mailing list