I am not suggesting we remove blowfish or any of those algorithms.  I am 
suggesting we remove the assembler versions of them.

On 2/10/18, 5:33 PM, "Viktor Dukhovni" <[email protected]> wrote:

    On Sat, Feb 10, 2018 at 10:19:20PM +0000, Salz, Rich wrote:
    
    >     > Is blowfish actually outdated?  I thought it had some significant use,
    >     > and don't recall any major weakness...
    >     
    >     In particular, IIRC OpenSSH uses blowfish, and links to OpenSSL for
    >     the underlying cipher...
    > 
    > PGP used to be a heavy user, but now it only decrypts or does key-wrapping for compatibility; it no longer uses blowfish to encrypt data.
    > 
    > SSH uses it, but according to https://bbs.archlinux.org/viewtopic.php?id=188613 it has been removed, circa 2014.
    > Schneier recommends not using it, and using its successor(s) instead, which we don't implement.
    
    Removed in 2014 is much too recent, there are still LTS systems
    with older SSH versions, and modern platforms that may want to
    interoperate.  So I'm very reluctant to support removal of blowfish
    ASM at this time...
    
    -- 
        Viktor.
    _______________________________________________
    openssl-project mailing list
    [email protected]
    https://mta.openssl.org/mailman/listinfo/openssl-project
    
