Sujet : Re: Blowfish reliability
De : rich (at) *nospam* example.invalid (Rich)
Groupes : sci.cryptDate : 16. Jul 2025, 14:35:46
Autres entêtes
Organisation : A noiseless patient Spider
Message-ID : <10589ri$ohpu$1@dont-email.me>
References : 1 2 3 4
User-Agent : tin/2.6.1-20211226 ("Convalmore") (Linux/5.15.139 (x86_64))
Stefan Claas <
stefan@mailchuck.com> wrote:
Rich wrote:
The Running Man <running_man@writeable.com> wrote:
On 16/07/2025 00:07 Rich <rich@example.invalid> wrote:
Anonymous <nobody@yamn.paranoici.org> wrote:
Is this blog post significant?
<https://hatchjs.com/cryptographydeprecationwarning-blowfish-has-been-deprecated/>
The major significance is this sentence fragment from the first
paragraph:
"and should not be used for new applications."
Don't start a new project and pick Blowfish as the cipher.
I can't conjure up any application which uses Blowfish, except
maybe older versions of TrueCrypt and E4M.
At this point, they would all likely be old legacy applications, few of
which are likely still in use.
The problem is that the OP is one of many people from a.p.a-s who are
still using old hard/software and are not upgrading nor following the
latests best security practices.
In which case that is their choice, and this NIST announcement changes
nothing for them, they are equally at risk today as they were yesterday (this
announcement did not reveal any new breaks).
All this does is put them on notice that not upgrading is exposing them
to potential risk.
Blowfish reliability
Re: Blowfish reliability
