Re: ABI guarantees

From: Vadim Goncharov <vadimnuclight_at_gmail.com>
Date: Mon, 18 Aug 2025 21:46:00 UTC
On Mon, 18 Aug 2025 22:01:46 +0100
Lexi Winter <ivy@freebsd.org> wrote:

> Vadim Goncharov:
> > Don't know about IPsec but deleting blowfish was surely a mistake - it is
> > not broken and could be used e.g. in IoT where space constraints matter,
> > for those who know what they are doing.  
> 
> Blowfish (along with 3DES) was broken by Sweet32.  It might still be
> secure with certain specific constraints (like regular key rotation),
> but I don't think it's wrong to err on the side of not shipping known
> broken cyphers.

This is not a "broken cipher"; this is a generic method against *any* cipher
with block size N using 2^(N/2) of data. In the same sense AES is also
"broken" for non-rekeyed inputs of more than 2^64 data (which is not practical
*yet*). That's why I said "who know what they are doing": in the world of
constrained devices, non-rekeyed inputs >4 Gb are somewhat close to
infinity.

-- 
WBR, @nuclight
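The birthday-bound argument in the exchange above, as an added example (it is not code from this thread or from FreeBSD): a toy CBC mode over a small block shows that the Sweet32 attack reads nothing but equal ciphertext blocks, so the data limit depends only on the block size N, not on the cipher. The 16-bit block, the seeded random permutation standing in for the cipher, and the random plaintext are all constructed here for illustration; real 64-bit blocks push the same collision out to about 2^32 blocks.

```python
"""Added example, not code from the thread or from FreeBSD: why the Sweet32
birthday bound depends only on the block size N, shown with a toy CBC mode
over a small block so the collision actually happens in a few lines."""
import random


def birthday_bound_bytes(block_bits):
    """Bytes encrypted under one key at which a ciphertext-block collision
    becomes likely: about 2^(N/2) blocks, each N/8 bytes.  64-bit blocks
    (Blowfish, 3DES) give 2^32 * 8 = 32 GiB; 128-bit blocks (AES) 2^64 * 16."""
    return (1 << (block_bits // 2)) * (block_bits // 8)


def make_toy_cipher(block_bits, seed):
    """Toy N-bit block cipher (constructed for the example): a seeded random
    permutation of the 2^N block values, the seed playing the key.  It stands
    in for any real cipher; the attack below never looks inside it."""
    rng = random.Random(seed)
    table = list(range(1 << block_bits))
    rng.shuffle(table)
    return table


def cbc_encrypt(table, iv, plaintext_blocks):
    """Plain CBC: C_i = E(P_i XOR C_{i-1}), with C_{-1} = IV."""
    out = []
    prev = iv
    for p in plaintext_blocks:
        c = table[p ^ prev]
        out.append(c)
        prev = c
    return out


def sweet32_leak(iv, ciphertext):
    """Attacker side: scan the ciphertext for the first repeated block.
    If C_i == C_j then E(P_i ^ C_{i-1}) == E(P_j ^ C_{j-1}); E is a
    permutation, so P_i ^ P_j == C_{i-1} ^ C_{j-1}, which the attacker
    reads straight off the wire.  Returns (i, j, leaked_xor) or None."""
    first_seen = {}  # ciphertext block -> (its index, the block preceding it)
    prev = iv
    for j, c in enumerate(ciphertext):
        if c in first_seen:
            i, prev_i = first_seen[c]
            return i, j, prev_i ^ prev
        first_seen[c] = (j, prev)
        prev = c
    return None


def demo(block_bits=16, seed=1234):
    """Encrypt one key's worth of random plaintext until two ciphertext blocks
    collide, then check the attacker's recovered XOR against the real
    plaintext.  Generating 2^N + 1 blocks guarantees a collision (pigeonhole);
    in practice it shows up near the 2^(N/2) birthday bound."""
    rng = random.Random(seed)
    table = make_toy_cipher(block_bits, seed)
    iv = rng.getrandbits(block_bits)
    plaintext = [rng.getrandbits(block_bits) for _ in range((1 << block_bits) + 1)]
    ciphertext = cbc_encrypt(table, iv, plaintext)
    i, j, leaked = sweet32_leak(iv, ciphertext)
    return {
        "blocks_to_collision": j + 1,
        "birthday_bound_blocks": 1 << (block_bits // 2),
        "leak_matches_truth": leaked == plaintext[i] ^ plaintext[j],
    }


if __name__ == "__main__":
    print("64-bit block bound:", birthday_bound_bytes(64) / 2**30, "GiB")
    print("128-bit block bound:", birthday_bound_bytes(128) / 2**60, "EiB")
    print(demo())
```

The attacker code never calls the cipher; it only needs a repeated ciphertext block and the two blocks that precede the pair, which is why the mitigation is a rekey before the 2^(N/2)-block mark rather than anything cipher-specific.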