Twofish encryption is a block cipher (or an encryption method in simple terms) that is 128 bits in size and uses a key that’s up to 256 bits long. Let’s break that definition down to its components to simplify.
As a block cipher, twofish encryption encrypts data in blocks using a deterministic algorithm and a symmetric key. A deterministic algorithm is an algorithm that will always produce the same output no matter the input used so long as the machine that uses it follows the same procedure. A symmetric key, meanwhile, is a single key that encrypts and decrypts data.
Read More about the “Twofish Encryption”
Bruce Schneier and Counterpane Labs created twofish encryption. It was published in 1998 and remains unbroken to this day. In fact, most cryptographers believe it is more secure than the Rijndael/Advanced Encryption Standard (AES) algorithm, which is the most commonly used algorithm today and recommended by the National Security Agency (NSA).
Watch this video to learn more about twofish encryption:
Twofish versus Blowfish, What’s the Difference?
Twofish is considered Blowfish’s successor. Blowfish was also Schneier’s creation back in 1993. Like its successor, it is a symmetric-key block cipher that’s 64 bits in size and uses a key that can be up to 64 bits long. While it remains secure to this day, AES took its place as the most-used cipher. That said, Schneier created twofish, which he claims, is more effective for modern systems.
Who Can Use Twofish Encryption?
Anyone can use twofish without restrictions, as its makers did not patent it and made it available to the public. In fact, it is one of a few ciphers included in the OpenPGP standard (RFC 4880), the most widely used email encryption standard today.
Schneier isn’t the only one responsible for developing twofish, several other cryptographers who made up the so-called “extended Twofish team” helped out. They are John Kelsey, Doug Whiting, David Wagner, Chris Hall, and Niels Ferguson.
Is Twofish Encryption Secure?
The short answer is yes. But many ask why the National Institute of Standards and Technology (NIST) does not want it to replace the current Data Encryption Standard (DES) Rijndael. The reason doesn’t have to do with security but speed. Twofish is slower compared to Rijndael.
Those concerned about security should know that since twofish uses a 128-bit key, it is almost impervious to brute force attacks (these entail repeatedly logging in to a victim’s account by randomly guessing username-password combinations). An attacker would take decades to decrypt a Twofish-encrypted message, regardless of processing power.
But users shouldn’t be complacent, though, as twofish isn’t invulnerable to all attacks. Why? Part of its encryption algorithm uses a precomputed key-dependent substitution to produce ciphertext. The precomputed value thus makes it susceptible to side-channel attacks but only if the attackers know the substitution method used (which is still very tough to crack). While several attacks have targeted twofish, Schneier opined that they were not actual cryptanalysis attacks, which means the algorithm has not been broken yet. If you are interested you can learn more about cryptanalysis and side-channel attacks in this definition.
Products That Use Twofish Encryption
While twofish isn’t as commonly used as AES and even its predecessor Blowfish, a couple of applications use it today, including:
- Pretty Good Privacy (PGP): PGP is an encryption algorithm that uses twofish to encrypt emails. In this case, twofish encrypts the email data but not its sender and subject.
- GnuPG: GnuPG is an OpenPGP implementation that allows users to encrypt and send communication data. It uses key management systems and modules to access public key directories that provide public keys published by other users. If users send a message encrypted with their private key, anyone who accesses the public key directory can decrypt it. Learn more about private and public keys here.
- TrueCrypt: TrueCrypt encrypts device data using encryption methods that the user can see. It works locally on the user’s computer and automatically encrypts the data that leaves the system. It encrypts a file the user sends from his local computer to an external database.
- KeePass: KeePass is a password management software that uses twofish to encrypt the passwords stored on it. It also uses twofish to create passwords for its users.
Twofish encryption is open source, and so anyone who wants to add encryption features to their products can use it.