[openssl-project] Removing assembler for outdated algorithms
Salz, Rich
rsalz at akamai.com
Sat Feb 10 22:40:24 UTC 2018
I am not suggesting we remove blowfish or any of those algorithms. I am suggesting we remove the assembler versions of them.
On 2/10/18, 5:33 PM, "Viktor Dukhovni" <viktor at dukhovni.org> wrote:
On Sat, Feb 10, 2018 at 10:19:20PM +0000, Salz, Rich wrote:
> > Is blowfish actually outdated? I thought it had some significant use,
> > and don't recall any major weakness...
>
> In particular, IIRC OpenSSH uses blowfish, and links to OpenSSL for
> the underlying cipher...
>
> PGP used to be a heavy user, but now it only decrypts or does key-wrapping for compatibility; it no longer uses blowfish to encrypt data.
>
> SSH uses it, but according to https://bbs.archlinux.org/viewtopic.php?id=188613 it has been removed, circa 2014.
> Schneier recommends not using it, and using its successor(s) instead, which we don't implement.
Removed in 2014 is much too recent, there are still LTS systems
with older SSH versions, and modern platforms that may want to
interoperate. So I'm very reluctant to support removal of blowfish
ASM at this time...
--
Viktor.