Re: Blowfish reliability

On 15/07/2025 16:54, Anonymous wrote:

   Is this blog post significant?
<https://hatchjs.com/cryptographydeprecationwarning-blowfish-has-been-deprecated/>
 

Somewhat, though nothing new.
Blowfish uses 64-bit blocks which can lead to birthday and other collision attacks - nowadays even 128 bits isn't really enough for a new block cipher (some may disagree). 3DES has the same block size problem.
Blowfish is also susceptible to meet-in-the-middle and differential attacks. The variable key size is also problematic.
Implemented properly Blowfish is still secure - but it is getting harder to implement it properly, and some older implementations may no longer be secure. You have to worry about total traffic encrypted under one key, key size, some restrictions in modes - so overall it is considered better to use something more modern.
Also again, as it is being deprecated, some platforms may no longer support it.
Peter Fairbrother