Print book
Print this chapterThe Blowfish Cipher
The Blowfish cipher has been studied in information security for more than 20 years. As you learn about this cipher, pay attention to the creator and the year it was created. Is Blowfish still in use? Why is it in use, or why is it not in use? What type of cipher is Blowfish? What is the key length of Blowfish? Why would the Twofish cipher be chosen over Blowfish? Why would Blowfish be chosen over DES or IDEA?
Blowfish is a fast block cipher, except when changing keys. Each new key requires the pre-processing equivalent of encrypting about 4 kilobytes of text, which is very slow compared to other block ciphers. This prevents its use in certain applications, but is not a problem in others.
In one application Blowfish's slow key changing is actually a benefit: the password-hashing method (crypt $2, i.e. bcrypt) used in OpenBSD uses an algorithm derived from Blowfish that makes use of the slow key schedule; the idea is that the extra computational effort required gives protection against dictionary attacks. See key stretching.
Blowfish has a memory footprint of just over 4 kilobytes of RAM. This constraint is not a problem even for older desktop and laptop computers, though it does prevent use in the smallest embedded systems such as early smartcards.
Blowfish was one of the first secure block ciphers not subject to any patents and therefore freely available for anyone to use. This benefit has contributed to its popularity in cryptographic software.
bcrypt is a password hashing function which, combined with a variable number of iterations (work "cost"), exploits the expensive key setup phase of Blowfish to increase the workload and duration of hash calculations, further reducing threats from brute force attacks.
bcrypt is also the name of a cross-platform file encryption utility developed in 2002 that implements Blowfish.