[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Crypto algorithms for IKEv2
Jimmy Zhang wrote:
>How about TWOFISH ?
No, please. Stick to AES and Triple-DES; they are very fine algorithms.
My strong advice is to use AES, not Twofish. There's nothing wrong with
Twofish -- I'm pleased with the design and how it has held up -- but I
think AES is clearly the right choice over Twofish. AES was selected
for the standard over all other competitors, and I think, rightly so.
Most importantly, AES is receiving far more scrutiny than Twofish.
This gives a powerful reason to prefer AES over Twofish (or any of the
other finalists, including Serpent, for that matter).
I prefer to view Twofish as deprecated these days and to encourage people
to use AES instead, unless there is some special requirement that makes
AES unsuitable.
Full disclosure: I was a co-designer of Twofish, so I'm probably biased.