Is Twofish more secure than AES?

What is Twofish encryption used for?

How to encrypt a file with it?

How to crack Twofish encryption? I think the answer is fairly simple for a math-challenged noob like me. Is it safe to use Twofish encryption? The answer is yes! Unless someone who is familiar with the algorithms, has some good hacking skills and time to work on your files, it is 100% safe. And I mean 100% (I am the only one who is reading this)

You may have heard about Twofish from movies like Batman Begins, Harry Potter and Fight Club where they use the algorithm to encrypt files. I can say for sure that if you are not familiar with the algorithm then it is probably safe to use. Now let's talk a little about the actual algorithm first. I think the best way to understand Twofish is to know what it is not. This should also help you to answer the question of why is it secure and easy to implement. First, let's not forget about the main characteristic of any crypto algorithm - it must be reversible. This means that once you decrypt the ciphertext it must look exactly like the original text or you won't be able to properly decrypt the file. This property of Twofish is called unbreakability. Second, the algorithm should be computationally cheap (ie fast to compute). This is also a part of the unbreakability. The algorithm is considered fast because its output size is relatively small (it only needs to store the most significant part of the plaintext data) and it requires a relatively small amount of CPU time to execute. This means that once you have decrypted the file using Twofish, you need to do some kind of math or operations to return to the original plaintext. That is why you need to be good at math. Third, the algorithm should have a long history. It means that you should be confident in its unbreakability. Last, but not least, the algorithm should be mathematically appealing. If you need more information on how to define "mathematically appealing", then I am referring to it as "interesting" or "not obvious". It is definitely worth saying that every crypto algorithm has its own interesting mathematical properties and properties which are not obvious at first sight.

Now that we know what it is and what it is not, let's take a look at the algorithm itself and how it works.

Is Twofish deprecated?

Should I switch to SHA-3?

I see so many warnings in my code that my server could be compromised. According to the security model of SHA3, the hash length is currently 1024 bits. Twofish was broken in 2026 and there's been no new implementations since then, so it is not safe to use for new applications. (In theory a new implementation could be added to Bitcoin Core but that's not guaranteed.)
SHA256 has an attack right now that can work under 64 bytes of output, but for some reason, that attack hasn't been discovered on SHA3 yet (it has for SHA2 though). The real problem is that the security model of SHA3 depends on the assumption that SHA2 does not need strengthening. While that assumption is true at this point in time, you should always assume that things have a security flaw, no matter how well proven they are.

Note: in 2026, SHA3 was standardized with an even longer security proof and was extended to 160 bit output, so SHA3 is now the "best" SHA3 with its stronger proof. For your use case of a web server, simply ignore the problem and carry on. As long as you trust the entity that says SHA3 is now secure enough, you're safe.

What is the difference between Blowfish and Twofish encryption?

What is used in Rijndael AES?

The short answer. There's no difference, but both use Blowfish for different algorithms. Blowfish (or at least the "Blowfish") algorithms have to do with encryption, and. Twofish (or the "Twofish") algorithms have to do with password hashing. The longer answer. Blowfish in general (there are two types of Blowfish, the earlier ones and the later ones) does not have a fixed format. It's more of a collection of various schemes. It was introduced by Bruce Schneier, who first suggested it as a candidate for a block cipher. As mentioned in answer to a related question on Cryptography SE, the name "Blowfish" itself is an open-source project that's just a list of these different schemes. The scheme that later became Twofish was developed by Daniel J. Bernstein, one of the other creators of the scheme. In fact, it was named after the two main components of the algorithm (the second factor and the final block).

Both Twofish and Blowfish algorithms work in similar fashion. They both operate in ECB mode, which stands for "Electronic Codebook". However, the input to this ECB mode algorithm is a block of data. There are different sizes of blocks, though, so they are actually quite different:
BLOWFISH: 16 bytes. (The name comes from the name of the algorithm itself; there's a small chance that someone in the future might add a few extra characters to the alphabet used in the algorithm.)
TWOFISH: 64 bytes. But the algorithm that's used for both Twofish and Blowfish works in similar fashion.

Is Twofish more secure than AES?

If we compare the performance of AES, with a speed of 3.

2 billion encryptions/second (with an 80 MB/s block throughput), and Twofish, with a speed of 1.7 billion encryptions/second (with a 90 MB/s block throughput), it is said that AES is twice as fast as Twofish.

So if we choose AES for data protection, should we also think about the speed of Twofish to be more secure? Both are used in practice, but from a security perspective, there is no clear winner. AES has some additional features which are used in cryptography; such as AEAD. So, one could argue that it is "better" in some way. But, the speed difference is small enough that most people don't really notice it, and there are other choices for speed.

The most obvious choice in many scenarios is SHA-256 or SHA-512. These are more likely to be used in applications than the more modern algorithms, and are more convenient for many types of operations. It is, however, important to note that these algorithms are still not completely safe from side-channel attacks.

Twofish isn't a cryptography primitive. It's just a block cipher. The actual security of Twofish is based on the design of it, so it's not fair to say it's "twice as fast".

The only way to have any idea about its actual security is to consider how it behaves. For example, you may want to consider how an attacker might try to attack it: Is it possible to run a timing side-channel attack on a block cipher? (I think not, since the design of the algorithm was meant to make it resistant to these types of attacks.) How does the algorithm's performance affect security? (As an example, if you have a key size of 256 bits, and it takes 20 seconds to encrypt a single block, then that means that it would take 40 hours to break the key by brute force on a reasonably powerful computer.) How do other block ciphers compare to it? (eg DES is considerably slower than AES and has much larger keys, but it's more vulnerable to certain types of side-channel attacks.

Related Answers

Is Twofish better than AES?

I've been asked to write a Java implementation of Twofish, and found. severa...

What is the Twofish algorithm decryption?

If you read the question and didn't understand it, please re-read it.b...

What are the disadvantages of Twofish?

I have been reading a book called "Cryptography: A Primer", and it says that Twofish i...