> Is blowfish actually outdated? I thought it had some significant use,
> and don't recall any major weakness...
In particular, IIRC OpenSSH uses blowfish, and links to OpenSSL for
the underlying cipher...
PGP use to be a heavy user, but now it only decrypts or does key-wrapping for
compatibility; it no longer uses blowfish to encrypt data.
SSH uses it, but according to https://bbs.archlinux.org/viewtopic.php?id=188613
it has been removed, circa 2014.
Schneier recommends not using it, and use its successor(s) instead, which we
don't implement.
_______________________________________________
openssl-project mailing list
[email protected]
https://mta.openssl.org/mailman/listinfo/openssl-project
