Has Twofish ever been cracked?

Is Twofish deprecated?

Should you use AES instead?

TwoFish is a secure encryption algorithm used in some products from McAfee and in the OpenSSH daemon. It's a symmetric algorithm so you can use it to encrypt your data on a regular computer.

The McAfee web site says that: "For the time being, we recommend that you use TwoFish for all your data security needs and you should be prepared to deal with any compatibility issues that might occur. In the future, McAfee will support other more widely used symmetric algorithms. In the meantime, please use TwoFish to protect all your sensitive data."

McAfee is still using TwoFish for their internal communications, but it's unclear if this will happen for customers. Does anyone know of an updated list of recommended symmetric algorithms? Edit: The discussion continues below. You can read it if you are a registered user. If you want to join in, register here.

We've all seen the articles about TwoFish and its deprecation. What's not clear is if this means it's unsafe to use it or not. When McAfee says "we recommend that you use TwoFish for all your data security needs" they clearly don't mean that it is unsafe. It's still a good symmetric algorithm (and it is the best of the bunch), it just doesn't have much competition in the market.

To be clear, McAfee is recommending people use TwoFish until the company decides to move on to a different symmetric algorithm. The reason for this is probably because the competition isn't very strong right now. McAfee will switch to AES soon, but when it does, they'll still have to go through a standard security approval process. And I'm not sure if McAfee would have to go through this process if they made the switch to AES today. But since they won't, I don't think they want to risk the negative press and legal problems that come with announcing their encryption system is obsolete.

So if you're still using TwoFish for your data security, you should be ok for now. But keep in mind that you may run into issues when McAfee moves on to AES. If you're using it, you should ask McAfee what encryption method they recommend and make sure it's compatible with their current encryption system.

Related Answers

Is Twofish better than AES?

I've been asked to write a Java implementation of Twofish, and found. severa...

Is Twofish better than AES?

I have been reading the source of the Java Cryptography Extension (JCE) lately and c...

What are the 4 steps of AES algorithm?

What algorithms are included? What are the possible Attacks agai...