On 11/13/2015 02:40 PM, Emilia K?sper wrote: > > BLOWFISH - probably still in use though I don't know where exactly? Isn't Blowfish a building block of bcrypt and/or some similar stuff? I think that implementations don't rely on OpenSSL but I wouldn't give it for granted. As for the rest of the algorithms, a lot has been already said but I would like to share my personal opinion (that of someone who codes using the OpenSSL API since some time): I think of OpenSSL as an incredibly rich tool for the professionals and the students as well, if it were possible I would like to see all of the algorithms to be there forever, including the odd situation of people who must decrypt some content they produced a long time ago, for instance. I understand that this is not feasable in the long-term, but we cannot forget that IT time is different from people time: the fact that an algorithm is born and becomes insecure in a few years doesn't mean that it won't be needed for some time, unless we accept the idea that OpenSSL is something to be used "for the moment being" (which is reasonable for SSL/TLS and communications in general, much less for file encryption and signature features). So, if it were possible to keep the algorithms for a long time, providing a simple way to put them out of the compilation (and the default compilation options may just do that), that would be great. At least as long as they are API-compliant (of course, you cannot ask to be kept consistent with the rest of the code for decades). My gratefulness to all developers, whatever it will be! -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20151126/34093445/attachment.html>