For example, CrashPlan, an online backup service, is using 448-bit Blowfish to encrypt its backup files (only enterprise product line has the ability to choose using AES-256). According to Blowfish's creator Bruce Schneier, people should already move onto more modern successors. Why don't these application/services use Twofish, Threefish or AES instead? Is there any particular reasons or benefits to use Blowfish on services like online backup, or it is just an ill practice of the developer?
Is it still secure to keep using the more-than-two-decades-old Blowfish? Won't flaws and security holes be revealed over time?
