Blowfish
What is Blowfish?
BlowfishA 64-bit-block, variable-key-length Feistel cipher designed by Bruce Schneier in 1993; secure cryptanalytically but limited by a small block size and superseded by AES.
Blowfish is a symmetric block cipher designed by Bruce Schneier in 1993 as a fast, royalty-free alternative to DES and IDEA. It uses a 16-round Feistel structure on 64-bit blocks with keys of 32 to 448 bits and large key-dependent S-boxes. Cryptanalytically Blowfish is still considered unbroken in its full 16-round form, but its 64-bit block makes it vulnerable to birthday attacks such as Sweet32 when long sessions encrypt many gigabytes under one key. NIST and modern protocols therefore recommend 128-bit-block ciphers like AES instead. Blowfish remains historically important and lives on through derivatives — most notably the bcrypt password-hashing algorithm and the Twofish design — but it is no longer a recommended choice for new encryption use cases.
● Examples
- 01
Older versions of OpenSSH and OpenVPN supported Blowfish in CBC mode.
- 02
The bcrypt password hash derives its key schedule from Blowfish.
● Frequently asked questions
What is Blowfish?
A 64-bit-block, variable-key-length Feistel cipher designed by Bruce Schneier in 1993; secure cryptanalytically but limited by a small block size and superseded by AES. It belongs to the Cryptography category of cybersecurity.
What does Blowfish mean?
A 64-bit-block, variable-key-length Feistel cipher designed by Bruce Schneier in 1993; secure cryptanalytically but limited by a small block size and superseded by AES.
How do you defend against Blowfish?
Defences for Blowfish typically combine technical controls and operational practices, as detailed in the full definition above.