Twofish Encryption Standard

Twofish Encryption: What Is It?

Twofish is an encryption algorithm designed by Bruce Schneier. It’s a symmetric key block cipher with a block size of 128 bits, with keys up to 256 bits. It is related to AES (Advanced Encryption Standard) and an earlier block cipher called Blowfish. Twofish was actually a finalist to become the industry standard for encryption, but was ultimately beaten out by the current AES.

Twofish has some distinctive features that set it apart from most other ciphers. For one, it uses pre-computed, key-dependent S-boxes. An S-box (substitution box) is a basic component of symmetric key algorithms that performs substitution. In Twofish, the S-boxes work to obscure the relationship between the key and the ciphertext. "Pre-computed, key-dependent" means that the S-box tables are built ahead of time rather than calculated during encryption, and that their contents depend on the cipher key.
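The pre-computed, key-dependent S-box idea described above, as an added example (not code from the original page or from the Twofish authors): it builds Twofish's two fixed 8-bit permutations q0 and q1 from their 4-bit tables, then precomputes a 256-entry S-box from two key bytes using the q0, q0, q1 layering of the first byte lane for a 128-bit key. Assumptions: the function names are hypothetical, the key bytes are passed in directly instead of being derived from the cipher key, and the MDS mix and the rest of the cipher are omitted.

```python
# Added example: not a full Twofish implementation (no RS key step, no MDS).

# 4-bit tables t0..t3 that define the fixed permutations q0 and q1.
Q0_T = ["817D6F320B59ECA4", "ECB81235F4A6709D",
        "BA5E6D90C8F32471", "D7F4126E9B3085CA"]
Q1_T = ["28BDF76E31940AC5", "1E2B4C376DA5F908",
        "4C75169A0ED82B3F", "B951C3DE647F208A"]


def ror4(n):
    """Rotate a 4-bit value right by one bit."""
    return ((n >> 1) | (n << 3)) & 0xF


def build_q(tables):
    """Expand four 4-bit tables into one fixed 8-bit permutation."""
    t = [[int(c, 16) for c in row] for row in tables]
    q = []
    for x in range(256):
        a, b = x >> 4, x & 0xF
        a, b = a ^ b, a ^ ror4(b) ^ ((8 * a) & 0xF)
        a, b = t[0][a], t[1][b]
        a, b = a ^ b, a ^ ror4(b) ^ ((8 * a) & 0xF)
        a, b = t[2][a], t[3][b]
        q.append((b << 4) | a)
    return q


Q0, Q1 = build_q(Q0_T), build_q(Q1_T)


def key_dependent_sbox(k_inner, k_outer):
    """Precompute a 256-entry S-box from two key bytes (hypothetical helper).

    Assumption: key bytes are used directly, not derived from a cipher key.
    Each lookup index mixes data with key material, which is why table-based
    implementations need care around cache side channels.
    """
    return [Q1[Q0[Q0[x] ^ k_inner] ^ k_outer] for x in range(256)]


def is_permutation(table):
    """True if the table maps 0..255 onto 0..255 with no collisions."""
    return sorted(table) == list(range(256))


if __name__ == "__main__":
    s_a = key_dependent_sbox(0x00, 0x00)  # constructed sample key bytes
    s_b = key_dependent_sbox(0x3C, 0xA7)  # constructed sample key bytes
    print(is_permutation(s_a), is_permutation(s_b), s_a != s_b)
```

Changing either key byte yields a different table, yet every table remains a bijection, so the substitution stays invertible for decryption.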

How Secure is Twofish?

Twofish is seen as a very secure option as far as encryption algorithms go. One of the reasons that it wasn’t selected as the Advanced Encryption Standard is its slower speed. Any encryption standard that uses a 128-bit or higher key is theoretically safe from brute force attacks, and Twofish is in this category.

Because Twofish uses pre-computed, key-dependent S-boxes, it can be vulnerable to side channel attacks. This is due to the tables being pre-computed. However, making these tables key-dependent helps mitigate that risk. There have been a few attacks on Twofish, but according to its creator, Bruce Schneier, they did not constitute a true cryptanalysis, and they did not constitute a practical break of the cipher.

Products That Use Twofish

GnuPG: GnuPG is a complete and free implementation of the OpenPGP standard as defined by RFC4880 (also known as PGP). GnuPG allows you to encrypt and sign your data and communications; it features a versatile key management system, along with access modules for all kinds of public key directories.

KeePass: KeePass is a password management tool that generates passwords with top-notch security. It’s a free, open source, lightweight and easy-to-use password manager with many extensions and plugins.

Password Safe: Password Safe uses a single master password to keep all of your passwords protected, similar to the functionality of most of the password managers on this list. It allows you to store all your passwords in a single password database, or in multiple databases for different purposes. Creating a database is simple: just create the database and set your master password.

PGP (Pretty Good Privacy): PGP is used mostly for email encryption; it encrypts the content of the email. However, Pretty Good Privacy does not encrypt the subject and sender of the email, so be sure to never put sensitive information in these fields when using PGP.

TrueCrypt: TrueCrypt is a software program that encrypts and protects files on your devices. With TrueCrypt, the encryption is transparent to the user and is done locally on the user’s computer. This means you can store a TrueCrypt file on a server and TrueCrypt will encrypt that file before it’s sent over the network.

AES vs. Twofish Encryption

  • Neither AES nor Twofish is vulnerable to brute force attacks in any reasonable and practical scenario. Both encryption algorithms support key sizes of 128 bits or more, which makes them resistant to brute force attacks.
  • The security community has agreed upon AES-256 as the standard for protecting top-secret data rather than Twofish or any other cryptographic algorithm.
