[Freaky]

Sure, but it's not exactly putting them in a good light is it? Dressing up obsolete stuff as state of the art "same as your bank uses", while either being unwilling or unable to migrate to something more era-appropriate.

Calls into question their competence, their honesty and their architecture all at once.

[dragontamer]

Wait, what about Blowfish is insecure? BCrypt is built on top of Blowfish.

Blowfish supports key-lengths up to 448-bits. And I've never heard of a single criticism of the function. Its just kinda... less used than Rijndael because it didn't "officially" win the contest. But otherwise, it is a fine function.

EDIT: Confused Twofish with Blowfish in the AES finalists.

[Freaky]

Obsolete is not the same as insecure. But it is old, it does have its weaknesses, and there have been better options out there for a very long time. Why continue to use it? Is upgrading your crypto that difficult that you'd rather just leave it for another decade or two?

It also calls into question the nature of all the other crypto they're using - is that all >20 years old too? Still tuned for a world of 486's and 68040's?