All over AC he explains that you should waits years, not weeks to see what kind of attacks the algorithm withstands.
I definately agree that Blowfish is a reasonable algorithm, but Twofish just hasn't been tested like Blowfish, and the other myth, that Twofish is an improvement of Blowfish is not true at all. Twofish is an entirely different algorithm.
He might not be making any direct money from his implementations, but being able to say "Counterpane, the guys that invented the new AES standard, implemented in all new major encryption products", is worth quite a bit of money..
I think Bruce should be pointing a huge finger at himself as well. We all know that encryption algorithms aren't considered even remotely secure after a long period of time. Bruce recommends years in his AC (which is the way to go) but 4 MONTHS after releasing his Twofish he's pushing it to be included in all major encryption packages. Can you say OpenPGP for example? And what's the comment "(that's Twofish, the fastest AES submission)" about? He's mixing up his own interest just as must. I don't think Bruce is any better than nCipher or any of the other guys.
Slashdot Mirror
a few months after he released Twofish certain big crypto libraries got requests from Bruce to include Twofish in their mix of algorithms :)
That was a long time ago.. way before even the end of the first round of AES.
All over AC he explains that you should waits years, not weeks to see what kind of attacks the algorithm withstands.
I definately agree that Blowfish is a reasonable algorithm, but Twofish just hasn't been tested like Blowfish, and the other myth, that Twofish is an improvement of Blowfish is not true at all. Twofish is an entirely different algorithm.
He might not be making any direct money from his implementations, but being able to say "Counterpane, the guys that invented the new AES standard, implemented in all new major encryption products", is worth quite a bit of money..
I think Bruce should be pointing a huge finger at himself as well. We all know that encryption algorithms aren't considered even remotely secure after a long period of time. Bruce recommends years in his AC (which is the way to go) but 4 MONTHS after releasing his Twofish he's pushing it to be included in all major encryption packages. Can you say OpenPGP for example? And what's the comment "(that's Twofish, the fastest AES submission)" about? He's mixing up his own interest just as must. I don't think Bruce is any better than nCipher or any of the other guys.