Blowfish Algorithm Decryption

Pablo Tatts

Aug 5, 2024, 7:29:08 AM
to convkegargang
Blowfish is a symmetric-key block cipher, designed in 1993 by Bruce Schneier and included in many cipher suites and encryption products. Blowfish provides a good encryption rate in software, and no effective cryptanalysis of it has been found to date for smaller files. It is recommended that Blowfish not be used to encrypt files larger than 4 GB in size; Twofish should be used instead.[3]

Schneier designed Blowfish as a general-purpose algorithm, intended as an alternative to the aging DES and free of the problems and constraints associated with other algorithms. At the time Blowfish was released, many other designs were proprietary, encumbered by patents, or were commercial or government secrets. Schneier has stated that "Blowfish is unpatented, and will remain so in all countries. The algorithm is hereby placed in the public domain, and can be freely used by anyone."[5]


Blowfish has a 64-bit block size and a variable key length from 32 bits up to 448 bits.[5] It is a 16-round Feistel cipher and uses large key-dependent S-boxes. In structure it resembles CAST-128, which uses fixed S-boxes.


The F-function splits the 32-bit input into four 8-bit quarters and uses the quarters as input to the S-boxes. The S-boxes accept 8-bit input and produce 32-bit output. The outputs are added modulo 2^32 and XORed to produce the final 32-bit output.[6]


Decryption is exactly the same as encryption, except that P1, P2, ..., P18 are used in the reverse order. This is not so obvious because XOR is commutative and associative. A common misconception is to use the inverse order of encryption as the decryption algorithm (i.e. first XORing P17 and P18 to the ciphertext block, then using the P-entries in reverse order).


Because the P-array is 576 bits long, and the key bytes are XORed through all these 576 bits during the initialization, many implementations support key sizes up to 576 bits. The reason for that is a discrepancy between the original Blowfish description, which uses 448-bit keys, and its reference implementation, which uses 576-bit keys. The test vectors for verifying third-party implementations were also produced with 576-bit keys. When asked which Blowfish version is the correct one, Bruce Schneier answered: "The test vectors should be used to determine the one true Blowfish".


Another opinion is that the 448-bit limit is present to ensure that every bit of every subkey depends on every bit of the key,[5] as the last four values of the P-array don't affect every bit of the ciphertext. This point should be taken into consideration for implementations with a different number of rounds, as even though it increases security against an exhaustive attack, it weakens the security guaranteed by the algorithm. And given the slow initialization of the cipher with each change of key, it is granted a natural protection against brute-force attacks, which doesn't really justify key sizes longer than 448 bits.


Blowfish is a fast block cipher, except when changing keys. Each new key requires the pre-processing equivalent of encrypting about 4 kilobytes of text, which is very slow compared to other block ciphers. This prevents its use in certain applications, but is not a problem in others.


In one application Blowfish's slow key changing is actually a benefit: the password-hashing method (crypt $2, i.e. bcrypt) used in OpenBSD uses an algorithm derived from Blowfish that makes use of the slow key schedule; the idea is that the extra computational effort required gives protection against dictionary attacks. See key stretching.


Blowfish has a memory footprint of just over 4 kilobytes of RAM. This constraint is not a problem even for older desktop and laptop computers, though it does prevent use in the smallest embedded systems such as early smartcards.


Blowfish was one of the first secure block ciphers not subject to any patents and therefore freely available for anyone to use. This benefit has contributed to its popularity in cryptographic software.


bcrypt is a password hashing function which, combined with a variable number of iterations (work "cost"), exploits the expensive key setup phase of Blowfish to increase the workload and duration of hash calculations, further reducing threats from brute force attacks.


Blowfish's use of a 64-bit block size (as opposed to e.g. AES's 128-bit block size) makes it vulnerable to birthday attacks, particularly in contexts like HTTPS. In 2016, the SWEET32 attack demonstrated how to leverage birthday attacks to perform plaintext recovery (i.e. decrypting ciphertext) against ciphers with a 64-bit block size.[11] The GnuPG project recommends that Blowfish not be used to encrypt files larger than 4 GB[3] due to its small block size.[4]


A reduced-round variant of Blowfish is known to be susceptible to known-plaintext attacks on reflectively weak keys. Blowfish implementations use 16 rounds of encryption, and are not susceptible to this attack.[12][13]


Looking for a quick and easy way to encrypt or decrypt data using Blowfish? Our tool is the perfect solution. With just one mouse click, you can bf encrypt or bf decrypt any string. Give our Blowfish encryption/decryption tool a try today and see for yourself how easy it is to use!


Blowfish was designed in 1993 by Bruce Schneier, a well-known cryptographer and security expert. The algorithm was created as a replacement for the aging Data Encryption Standard (DES) and was intended to be a general-purpose encryption algorithm that could be used in a wide range of applications.


Blowfish is a symmetric-key block cipher that encrypts data in 64-bit blocks. It uses a variable-length key, from 32 bits to 448 bits, making it suitable for both domestic and exportable use. It is also fast and efficient in both software and hardware, and it has a simple structure that lends itself well to various optimizations. Additionally, Blowfish is a Feistel cipher, which means it divides the input data into two halves, processes them separately, and then combines them to produce the output.


It's worth noting that, as with any encryption algorithm, the security of the system ultimately depends on the strength of the key and the implementation. However, as Blowfish is not considered a secure encryption method by today's standards, it is recommended to use other encryption methods such as AES.


In conclusion, Blowfish is an encryption algorithm that has been around for over 25 years. It is fast, efficient and suitable for a wide range of applications, and it has a simple structure that lends itself well to various optimizations. But it is not considered a secure encryption method by today's standards, and it is recommended to use other encryption methods such as AES.





Hello, I'm new to Java and I have the following problem: I'm trying to encrypt the password of a user using the Blowfish algorithm, but when I try to decrypt it back to check the authentication, it fails to decrypt it for some reason.


You are encrypting a password. That means you need to store a key somewhere (you cannot store it in the database, or anyone who steals the database will be able to decrypt the passwords). Instead, you should use a hash.


Even then, you should not store passwords in this way, not even if you use a salt correctly. These days it is too easy to crack simply hashed passwords, even when salted. Instead, use the bcrypt library or PBKDF2.


I have some encrypted data stored in a DB. The data was encrypted in Java with methods from the Cipher class. It can be decrypted in the same way in Java (with cipher.init, cipher.doFinal), but I need to decrypt it in SQL. So is there a way to decrypt the data in SQL? For example, in stored procedures?


As far as I know, there isn't a native way to do this for SQL Server, unless you count the CLR in 2005. You'd either use that to decrypt it (write something in C#/VB that decrypts using Blowfish) or you could pull it out to a small app or webpage, do it there, and then update the rows.


You could give that a try; it may or may not work. For example, my company was using an AES encryption method for certain columns, and even with the same encryption seed, when I was testing, the VB6 version we were using to encrypt/decrypt did not produce the same results as the extended stored procedure. They were named the same, but different in the details, so we ended up centralizing to always use the stored proc instead.


Lowell--help us help you! If you post a question, make sure you include a CREATE TABLE... statement and INSERT INTO... statement into that table to give the volunteers here representative data. With your description of the problem, we can provide a tested, verifiable solution to your question! Asking the question the right way gets you a tested answer the fastest way possible!


I tried with the DBA Toolkit, but you're right... The encryption in Java uses Blowfish encryption. I tried to encrypt the same data with the extended stored procedure for Blowfish from the toolkit, but the results are not the same... Maybe I'm missing something?


Unfortunately, I can't change the way the data is encrypted in Java; they have used it for some time and it is very complex... They use a lot of keys to get a final key, and with this final key the data is encrypted with the methods for the Blowfish algorithm from the Cipher class, which is in an extension for the Java JDK.


So I got this final key and tried to decrypt the data with the extended stored procedures. But it seems that it doesn't work. Maybe I should search or ask in Java forums how these methods from the Cipher class really work...
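
Added example, not part of the original post: the decryption rule described earlier (the same 16-round Feistel network and F-function, run with P1..P18 in reverse order), sketched in Python. The P-array and S-boxes are constructed from SHA-256 output as an assumption for illustration; they are not Blowfish's real constants or key schedule, so the ciphertext will not match any real Blowfish implementation.

```python
import hashlib
import struct

MASK = 0xFFFFFFFF

def _words(label, count):
    """Constructed 32-bit words from SHA-256; a stand-in for Blowfish's real tables."""
    out, counter = [], 0
    while len(out) < count:
        digest = hashlib.sha256(label + struct.pack(">I", counter)).digest()
        out.extend(struct.unpack(">8I", digest))
        counter += 1
    return out[:count]

def make_tables(key):
    """Toy key-dependent tables: 18 P-entries (P1..P18) and four 256-entry S-boxes."""
    p = _words(b"P" + key, 18)
    s = [_words(b"S%d" % i + key, 256) for i in range(4)]
    return p, s

def f(s, x):
    """F-function: four 8-bit quarters index the S-boxes; add mod 2^32, XOR, add."""
    a, b, c, d = x >> 24, (x >> 16) & 0xFF, (x >> 8) & 0xFF, x & 0xFF
    return ((((s[0][a] + s[1][b]) & MASK) ^ s[2][c]) + s[3][d]) & MASK

def crypt_block(p, s, block):
    """Run one 64-bit block through the 16-round Feistel network with P-array p."""
    left, right = struct.unpack(">2I", block)
    for i in range(16):
        left ^= p[i]
        right ^= f(s, left)
        left, right = right, left
    left, right = right, left      # undo the swap made by the last round
    right ^= p[16]
    left ^= p[17]
    return struct.pack(">2I", left, right)

def encrypt_block(p, s, block):
    return crypt_block(p, s, block)

def decrypt_block(p, s, block):
    """Identical routine; only the P-array order changes (P18, P17, ..., P1)."""
    return crypt_block(p[::-1], s, block)

def demo():
    p, s = make_tables(b"constructed demo key")   # constructed sample key
    plaintext = b"8 bytes!"                        # constructed 64-bit block
    ciphertext = encrypt_block(p, s, plaintext)
    return plaintext, ciphertext, decrypt_block(p, s, ciphertext)
```

Feeding the ciphertext back through `crypt_block` with the P-array in forward order does not return the plaintext; only the reversed order does.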
