Questions tagged [blowfish]

Blowfish is an encryption algorithm that can be used as a replacement for the DES or IDEA algorithms. It is a symmetric (that is, a secret or private key) block cipher that uses a variable-length key, from 32 bits to 448 bits, making it useful for both domestic and exportable use. (The U.S. government forbids the exportation of encryption software using keys larger than 40 bits except in special cases.) Blowfish was designed in 1993 by Bruce Schneier as an alternative to existing encryption algorithms. Designed with 32-bit instruction processors in mind, it is significantly faster than DES. Since its origin, it has been analyzed considerably. Blowfish is unpatented, license-free, and available free for all uses.

65 questions
23 votes, 1 answer

Why exactly is Blowfish faster than AES?

I've not been able to understand exactly the reason behind Blowfish being faster than AES. Is it dependent on the block size? Or is it processor dependent? (If yes, then let's assume that AES accelerators are not used.) I'd like to know the exact…
Sid
16 votes, 2 answers

Why don't we use Blowfish if it hasn't been cracked?

Since Blowfish is old, well-audited, and has no published attacks, why are we using AES instead? I know that Bruce Schneier said that Blowfish is insecure and told people to transition to Twofish, but why? AES has many vulnerabilities, such as…
12 votes, 1 answer

Can one efficiently iterate valid bcrypt hash output values?

bcrypt is an intentionally slow hash algorithm. In my last protocol idea, I wanted to use it to expand a password and then only transfer the bcrypt-hashed password. An efficient attack on this would be an ability to iterate all bcrypt hashes (or…
Paŭlo Ebermann
12 votes, 3 answers

Is Blowfish strong enough for VPN encryption?

I'm looking at an OpenVPN connection between two sites configured to use 128 bit Blowfish in CBC mode, and trying to figure out how to assess the strength, but I just don't know enough of the maths. I could ask this over on Sec.SE, but there I think…
Rory Alsop
9 votes, 2 answers

Is the 64-bit blocksize a fatal issue when encrypting TBs of data with Blowfish CBC?

Crashplan uses 448-bit Blowfish to encrypt the data you send them. The mode used is CBC, keys are multiple use, and IVs are generated with SecureRandom from JCE. Keys are not derived from the password, but are generated randomly. MACs used are MD5…
user7298
8 votes, 5 answers

What encryption should I use: Blowfish, Twofish, or Threefish?

The title of this thread pretty much sums up what I'm asking: what is the best encryption to use out of the three — Blowfish, Twofish, or Threefish?
Fumerian Gaming
8 votes, 2 answers

How do decryption algorithms determine whether your attempted passphrase is correct?

Judging by the algorithm on the Blowfish Wikipedia article, there is no way for the process to fail with an error. How then does GnuPG know when to tell you your password is correct when decrypting a file, rather than proceeding to decrypt…
Vortico
8 votes, 1 answer

How can Blowfish be resistant against differential cryptanalysis if it doesn't have S-boxes tuned for that?

The S-boxes used in DES were carefully tuned for resistance against differential cryptanalysis, a technique not known to the public at that time but known to designers of DES. It was later discovered that even a small change to DES would make it…
juhist
7 votes, 2 answers

Is using EAX mode with a 64-bit block cipher a bad idea?

EAX mode produces an authentication tag no longer than the length of the underlying cipher's blocksize. So in the case of using Blowfish (a 64-bit block cipher) in EAX mode, the resulting tag would be 8 bytes. Is an 8-byte tag sufficiently long (I…
hunter
6 votes, 2 answers

Is it possible to construct a secure block cipher of size $2n$ given a secure block cipher of size $n$?

Given, say, the Blowfish block cipher, which is considered secure but only has a 64-bit block size, can we construct a secure block cipher of 128-bit block size? Say we run the key through two KDFs, and encrypt the first half of the block with the…
ithisa
6 votes, 2 answers

Random session key + predictable IV

I'm using Blowfish in a toy Diffie-Hellman communications scheme. Random session keys are generated for each connection. In this case I can simply feed a null array to the IV right? The same plaintext would never be encrypted with the same…
ithisa
5 votes, 1 answer

Understanding a Blowfish cryptanalysis

I'm reading a cryptanalysis on Blowfish, and I've come across something that I don't quite get. Let's denote $\delta = a \oplus a'$ where $a$ and $a'$ are bytes that cause a collision in some S-box when entered as the position to use in said box. The…
EscalatedQuickly
5 votes, 1 answer

Blowfish Weak keys

I've read about the weak key issue with Blowfish, but can't seem to find anything that explains the practical effect of weak keys on Blowfish with the full 16 rounds. Is there any actual attack upon non-reduced-round Blowfish, in the event that a…
Blowfish
5 votes, 4 answers

Which symmetric cipher is best for studying?

I would like to study a modern symmetric cipher (I have never studied a cipher before) and I was wondering which would be the best cipher for studying purposes of the following: AES (Rijndael), Blowfish, Twofish, Threefish or Serpent. Basically I am…
5 votes, 2 answers

Is my id obfuscation algorithm secure?

I'm designing an id obfuscation system. My system includes: Embedded chips, each chip has a unique 32-bit address (id). Server. Insecure low-bandwidth unstable one-way channels from the chips to the server. The chips send messages to the server…
Ozo