|developer||Bruce Schneier , Niels Ferguson , John Kelsey , Doug Whiting , David Wagner and Chris Hall|
|Certification||Finalist in the AES selection process.|
|Key length||128, 192 and 256 bits|
|Block size||128 bit|
|Best known cryptanalysis|
|As of mid-2007, there is a special, limited differential cryptanalysis with approx
2 51 selected plaintexts known.
Twofish is a symmetric encryption algorithm in computer science developed by Bruce Schneier , Niels Ferguson , John Kelsey , Doug Whiting , David Wagner, and Chris Hall . It is a block cipher with a block size of 128 bits and 16 rounds, the key lengths are 128, 192 or 256 bits.
Twofish is the successor of Blowfish is and stood 1998 / 1999 the retiring for Advanced Encryption Standard . There he made it into the round of the last five together with the algorithms MARS , RC6 , Rijndael and Serpent .
With regard to its security, Twofish mainly criticized the properties of the key sharing and its complexity, which affects a security analysis. On the other hand, according to its development team, Twofish represents a security architecture against as yet unknown attacks through this key-dependent S-boxes .
Twofish is not patented and was published under the public domain . It is thus freely available for everyone to use.
The Twofish algorithm is implemented by the following open source software packages , among others :
- FreeOTFE - full disk encryption
- GNU Privacy Guard - Encrypt and Sign Files and E-Mails
- TrueCrypt - full disk encryption, encryption of partitions and of container files
- VeraCrypt - full disk encryption, encryption of partitions and of container files
- KeePass - password manager
- CrossCrypt - hard disk encryption
- DiskCryptor - full disk encryption
- dm-crypt - hard disk encryption
According to Moriai & Yin, the best published attack option in the form of a Distinguishing Attack is limited differential analysis . The document describes that the probability for bounded differentials is per block and that one needs approximately chosen plaintext (about 32 PiB data) in order to find a usable pair of bounded differentials and thereby to be able to distinguish the cipher from a random number sequence.
Bruce Schneier replied in a blog post in 2005 that the document does not present a complete cryptanalysis, but only some characteristic hypotheses of differential analysis. This would, from a practical point of view, mean that Twofish could not be remotely broken. The authors of the analysis published in 2000 have not published any new findings since then.
- ↑ a b Shiho Moriai, Yiqun Lisa Yin: Cryptanalysis of Twofish (II). (PDF; 217 kB) 2000, accessed on August 13, 2006 (English).
- ↑ Bruce Schneier: Twofish Cryptanalysis Rumors. Schneier on Security blog, November 23, 2005, accessed June 22, 2011 .