Your IP:
Your Location:
Your Status:

Twofish Encryption Explained: How It Works and Whether It’s Still Secure

Twofish is a symmetric encryption algorithm developed in the late 1990s by a team led by cryptographer Bruce Schneier. Although it did not become the Advanced Encryption Standard (AES), it was one of five finalists in the U.S. government’s AES competition and remains a respected cipher in the security community.

Today, Twofish is best known for its use in certain disk encryption tools, cryptographic libraries, and applications that offer alternatives to AES. While it is no longer as widely deployed as AES, no practical attack has broken the full Twofish algorithm, and it is still considered secure when implemented correctly.

Avatar photo VeePN Research Lab
Jun 18, 2026
5 min read
Twofish Encryption
Quick Navigation
Quick Navigation
1. What is Twofish encryption?
2. How block ciphers like Twofish work
3. What makes Twofish different?
4. Twofish vs AES
5. Is Twofish still secure?
6. Why Twofish didn’t become AES
7. Where Twofish is used today
8. Security today is about more than encryption
9. Where a VPN fits in
10. FAQ

What is Twofish encryption?

Twofish is a symmetric-key block cipher, meaning the same secret key is used to encrypt and decrypt data.

Key characteristics include:

  • Block size: 128 bits
  • Key sizes: 128, 192, or 256 bits
  • Structure: Feistel network
  • Number of rounds: 16
  • Publicly available and royalty-free

Like AES, Twofish converts readable information into ciphertext that appears random without the correct key.

The algorithm was designed to provide strong security, flexibility, and efficient software performance across a wide range of hardware platforms.

How block ciphers like Twofish work

Block ciphers encrypt data in fixed-size chunks called blocks.

In simple terms:

  1. Plaintext enters the cipher.
  2. The algorithm performs multiple rounds of mathematical transformations.
  3. A secret key controls those transformations.
  4. The output becomes unreadable ciphertext.
  5. The same key is required to reverse the process.

Modern block ciphers aim to make even tiny changes in the input produce dramatically different encrypted output, making patterns difficult for attackers to exploit.

What makes Twofish different?

Twofish incorporates several design features intended to increase resistance to cryptanalysis while maintaining good performance.

Key-dependent S-boxes

One distinctive feature is its use of key-dependent substitution boxes (S-boxes).

Many encryption algorithms use fixed lookup tables. Twofish generates portions of its internal structure from the encryption key itself, making the internal behavior vary between keys.

This design was intended to complicate certain forms of cryptanalysis and remains one of the algorithm’s most discussed features.

Complex key schedule

Before encryption begins, Twofish expands the user-provided key into a set of internal subkeys used throughout the encryption process.

This key expansion process helps ensure that every encryption round behaves differently and contributes to the overall security of the cipher.

Feistel network architecture

Twofish uses a Feistel network, a well-established design approach also found in several other successful block ciphers.

A Feistel structure repeatedly splits data into two halves and combines them through multiple rounds of transformation and mixing. One advantage of this design is that encryption and decryption can use closely related operations, simplifying implementation.

Twofish vs AES

Because Twofish was an AES finalist, it is often compared with AES.

Twofish vs AES

FeatureTwofishAES
Block size128 bits128 bits
Key sizes128, 192, 256 bits128, 192, 256 bits
AES competition resultFinalistWinner
Hardware accelerationLimitedWidely available
Modern adoptionModerateExtremely widespread
Current security statusSecureSecure

For most users, the primary difference is not security but adoption.

AES became the global standard and is built directly into many modern processors. As a result, AES often delivers better performance on current hardware.

That does not mean Twofish is insecure. It simply lacks the ecosystem advantages that come with being the industry standard.

Is Twofish still secure?

Yes.

As of 2026, no practical attack is known that can break the full Twofish algorithm when implemented correctly with strong keys.

Security researchers have analyzed Twofish extensively since its release. While academic attacks have targeted reduced-round versions of the cipher, these results have not translated into practical attacks against the complete design.

For real-world security, factors such as:

  • weak passwords,
  • poor key management,
  • software vulnerabilities,
  • outdated applications,

are far more likely to cause problems than weaknesses in Twofish itself.

Infographic explaining Twofish encryption and how it works

Why Twofish didn’t become AES

When the National Institute of Standards and Technology (NIST) selected a successor to DES, it evaluated multiple candidate algorithms through a public competition.

Twofish reached the final round alongside Rijndael, Serpent, RC6, and MARS.

NIST ultimately selected Rijndael, which became AES.

The decision was not based on Twofish being insecure. Rijndael was chosen because it offered an attractive combination of security, simplicity, flexibility, and performance across different environments.

Being an AES finalist remains a strong endorsement of Twofish’s design quality.

Twofish was designed by a team led by cryptographer Bruce Schneier and remains unbroken in practical use — see the official Twofish page and this technical overview for the details.

Where Twofish is used today

Although AES dominates modern encryption, Twofish still appears in several areas.

Disk encryption

Some disk encryption solutions allow users to choose Twofish as an encryption algorithm or combine it with other ciphers in encryption cascades.

This is one of the most common places where users may encounter Twofish directly.

Cryptographic libraries

Several cryptographic libraries continue to support Twofish for compatibility and interoperability purposes.

Developers may select it when maintaining legacy systems or when supporting multiple cipher options.

Specialized security environments

Some organizations and security professionals prefer having alternatives to AES available. While this is not necessary for most users, it explains why Twofish remains supported in certain tools and products.

Security today is about more than encryption

Strong encryption is only one component of a secure system.

Many significant security incidents stem from problems that have nothing to do with breaking encryption algorithms. Examples include:

  • software supply-chain compromises,
  • unpatched vulnerabilities,
  • stolen credentials,
  • poor access controls,
  • insecure cloud configurations.

Even the strongest cipher cannot protect data if attackers gain access through other weaknesses.

For that reason, organizations should focus on overall security practices rather than obsessing over minor differences between modern encryption algorithms.

Where a VPN fits in

Encryption algorithms such as Twofish protect stored data or application-level communications. They do not hide your IP address, secure public Wi-Fi connections by themselves, or prevent network operators from seeing connection metadata.

A VPN serves a different purpose. It encrypts traffic between your device and the VPN server, helping protect data in transit and reducing exposure on untrusted networks.

Useful VPN features may include:

  • Encrypted internet traffic
  • IP address masking
  • Kill Switch protection
  • DNS leak protection
  • Privacy-focused logging policies

A VPN does not replace strong encryption algorithms, and encryption algorithms do not replace a VPN. They solve different security problems.

In transit, VeePN relies on strong, modern VPN encryption, backed by a no-log policy and a Kill Switch so your data stays protected even if the connection drops.

FAQ

  • Is Twofish encryption still used?

    Yes. While AES is far more common, Twofish remains available in some disk encryption tools, cryptographic libraries, and specialized security applications.

  • Is Twofish as secure as AES?

    Both are considered secure when implemented correctly. AES has broader adoption, more hardware support, and significantly more real-world deployment, but no practical attack has broken the full Twofish algorithm.

  • Is Blowfish better than Twofish?

    Generally no. Twofish was designed as the successor to Blowfish and addresses several limitations of the older cipher, including Blowfish’s smaller 64-bit block size.

  • Should I choose Twofish or AES?

    For most users, AES is the practical choice because of its widespread support and performance advantages. If a trusted application offers Twofish, it remains a secure option.

  • Has Twofish ever been broken?

    No practical attack has broken the full Twofish cipher. It continues to be regarded as secure by the cryptographic community.

    • Written by VeePN Research Lab VeePN Research Lab is dedicated to provide you latest posts about internet security and privacy.
    Promo
    Knowledge is power,
    VeePN is freedom
    Get VeePN Now

    Download VeePN Client for All Platforms

    Enjoy a smooth VPN experience anywhere, anytime. No matter the device you have — phone or laptop, tablet or router — VeePN’s next-gen data protection and ultra-fast speeds will cover all of them.

    download qr code IOS and Android App

    Want secure browsing while reading this?

    See the difference for yourself - Try VeePN PRO for 3-days for $1, no risk, no pressure.

    Start My $1 Trial

    Then VeePN PRO 1-year plan

    promo article middle image
    Related Posts
    Related Posts
    Need secure browsing while reading?
    Get full protection for just $1 for 3 days.
    Limited offer
    Get VeePN