[openssl-project] Removing assembler for outdated algorithms

Richard Levitte levitte at openssl.org
Sun Feb 11 06:57:57 UTC 2018

In message <3EAC8B7F-EA48-465B-B4BE-3D5AC62D9A4C at dukhovni.org> on Sat, 10 Feb 2018 16:58:36 -0500, Viktor Dukhovni <viktor at dukhovni.org> said:

viktor> > On Feb 10, 2018, at 4:08 PM, Salz, Rich <rsalz at akamai.com> wrote:
viktor> > 
viktor> > This is derived from bureau/libcrypto-proposal that Emilia made in November 2015.
viktor> >  
viktor> > We should remove the assembler versions of the following
viktor> >                 Blowfish, cast, des, rc4, rc5, ripemd, whirlpool, md5
viktor> >  
viktor> > The reason is that they are outdated, not in use very much, and optimization is not important, compared to having a single reference source that we can maintain and debug.
viktor> Is blowfish actually outdated?  I thought it had some significant use,
viktor> and don't recall any major weakness...

For what it's worth, https://en.wikipedia.org/wiki/Blowfish_(cipher)
mentions some weaknesses, and also that the author recommends moving
away from Blowfish (use Twofish instead, but we haven't implemented


Richard Levitte         levitte at openssl.org
OpenSSL Project         http://www.openssl.org/~levitte/

