Table of Contents

Twofish is the successor to Blowfish, and, like its predecessor, uses symmetric encryption, so only one 256-bit key is necessary. This technique is one of the fastest encryption algorithms and is ideal for both hardware and software environments. When it was released, it was a finalist for the National Institute of Technology and Science’s (NIST’s) competition to find a replacement for the Data Encryption Standard (DES) encryption algorithm. In the end, the Rjindael algorithm was selected over the Twofish encryption algorithm. Similar to Blowfish, a block cipher is used in this symmetric encryption algorithm.

Symmetric encryption is a process that uses a single key to both
encrypt and decrypt information. The key is taken in, along with the plaintext information, by the encryption algorithm. This key encrypts the data into ciphertext, which cannot be understood unless it is decrypted. When the encrypted data is sent to the recipient of the data, the symmetric encryption key must also be sent, either with or after the ciphertext has been sent. This key can then be used to decrypt the data.

Is Twofish secure?

A question many organizations ask is: Is Twofish safe, if the NIST did not want to use it to replace DES? The answer is yes, Twofish is extremely safe to use. The reason the NIST did not wish to utilize Twofish is due to it being slower, compared to the Rjindael encryption algorithm. One of the reasons that Twofish is so secure is that it uses a 128-bit key, which is almost impervious to brute force attacks. The amount of processing power and time needed to brute force a 128-bit key encrypted message makes whatever information that is being decrypted unactionable, as it could take decades to decrypt one message.

This does not mean that Twofish is impervious to all attacks, however. Part of Twofish’s encryption algorithm uses pre-computed, key dependent substitution to produce the ciphertext. Precomputing this value makes Twofish vulnerable to side channel attacks, but the dependence of a key with the substitution helps protect it from side channel attacks. Several attacks have been made on Twofish, but the creator of the algorithm, Bruce Schneier, argues these were not true cryptanalysis attacks. This means a practical break of the Twofish algorithm has not occurred yet.

What uses Twofish for encryption?

Though, like the Advanced Encryption Standard (AES), Twofish is not the most commonly used encryption algorithm, it still has many uses seen today. The most well-known products that use Twofish in their encryption methods are:

  • PGP (Pretty Good Privacy): PGP is an encryption algorithm that utilizes Twofish to encrypt emails. The data of the email is encrypted, but the sender and subject are not encrypted.
  • GnuPG: GnuPG is an implementation of OpenPGP that lets users encrypt and send data in communications. GnuPGP uses key management systems and modules to access public key directories. These public key directories provide public keys published by other users on the Internet, so that if they send a message with encrypted with their private key, anyone with access to the public key directory can decrypt that message.
  • TrueCrypt: TrueCrypt encrypts data on devices, with encryption methods that are transparent to the user. TrueCrypt works locally on the user’s computer, and automatically encrypts data when it leaves the local computer. An example would be a user sending a file from their local computer to an outside database. The file sent to the database would be encrypted as it leaves the local computer.
  • KeePass: KeePass is a password management software that encrypts passwords that are stored, and creates passwords using Twofish.

About the Author

Search any posts

A collection of Encryption related products and resources that every organization should have!

Cyber security experts conference 2022

Free Downloads

Datasheet of Encryption Consulting Services

Encryption Consulting is a customer focused cybersecurity firm that provides a multitude of services in all aspects of encryption for our clients.

Download

Table of Contents

Blowfish is the first symmetric encryption algorithm created by Bruce Schneier in 1993. Symmetric encryption uses a single encryption key to both encrypt and decrypt data. The sensitive data and the symmetric encryption key are utilized within the encryption algorithm to turn the sensitive data into ciphertext. Blowfish, along with its successor Twofish, was in the running to replace the Data Encryption Standard (DES) but failed due to the small size of its block. Blowfish uses a block size of 64, which is considered wholly insecure. Twofish fixed this issue, by implementing a block with a size of 128. Blowfish is much faster than DES, but it trades in its speed for security.

Products that use Blowfish

Though it is not as secure as other symmetric encryption algorithms, many products in many different areas of the Internet utilize Blowfish. Different types of products that Blowfish is a part of are:

  • Password Management: Password management software and systems protect and create passwords. Blowfish has been used in a variety of password management tools to both create passwords and encrypt saved passwords. Examples of password management tools using Blowfish include:
    • Access Manager
    • Java PasswordSafe
    • Web Confidential
  • File/Disk Encryption: Software that encrypts files or disks is extremely common today as so many organizations have sensitive data they need to keep secure. This software must be straightforward for use by companies and quick to finish the encryption process. Thus, Blowfish is utilized in these encryption systems often in products such as:
    • GnuPG
    • Bcrypt
    • CryptoForge
  • Backup Tools: Software that backs up vital infrastructure in an organization must have the ability to encrypt information in those backups. This is in case the backup contains sensitive information. Backup systems that use Blowfish are:
    • Symantec NetBackup
    • Backup for Workgroups
  • Email Encryption: Encryption for emails is extremely important on any device. Different IOS, Linux, and Windows software all use Blowfish for email encryption. Examples:
    • A-Lock
    • SecuMail
  • Operating System Examples:
    • Linux
    • OpenBSD
  • Secure Shell (SSH)Secure Shell is used to remotely access computer networks while authenticating the user through the use of encryption methods like Blowfish. Examples:
    • OpenSSH
    • PuTTY

Comparison Table

AdvantagesDisadvantages
  • Faster than other encryption algorithms, such as the Data Encryption Standard (DES)
  • Blowfish is unpatented and free to use. This means anyone can take and use Blowfish for whatever they want to
  • The Blowfish algorithm also has a lesser amount of operations to complete compared to other encryption algorithms
  • The key schedule of Blowfish takes a long time, but this can be advantageous, as brute force attacks are more difficult
  • The key schedule of Blowfish takes a long time, equivalent to encrypting 4KBs of data, which can be a disadvantage or an advantage. On the Disadvantage side, it takes a very long time to do
  • The small block size of Blowfish means that Birthday Attacks can occur and compromise the encryption algorithm
  • It is followed by Twofish, which was created to replace Blowfish, as it is better in most ways

About the Author

Search any posts

A collection of Encryption related products and resources that every organization should have!

Cyber security experts conference 2022

Free Downloads

Datasheet of Encryption Consulting Services

Encryption Consulting is a customer focused cybersecurity firm that provides a multitude of services in all aspects of encryption for our clients.

Download

Let's talk