CoderTools

Blowfish Encryption/Decryption Tool

Fast symmetric block cipher designed by Bruce Schneier

⚠️ Security Notice

Blowfish's 64-bit block size may be vulnerable to birthday attacks for large data volumes. For maximum security, consider using AES-256 for new projects.

Blowfish key length: 4-56 bytes (32-448 bits). Recommended: 16 bytes (128 bits) or more

About Blowfish Encryption

Blowfish is a symmetric 64-bit block cipher designed by Bruce Schneier and published in 1993 as a fast, unpatented alternative to DES. Its 16-round Feistel structure uses a variable-length key from 32 to 448 bits. The key schedule fills an 18-entry P-array and four 256-entry S-boxes (about 4 KB of subkey material) with the hexadecimal expansion of π, XORs the key into the P-array, and then replaces every entry by repeatedly encrypting a running block with the evolving subkeys — a public, deterministic process that ensures the subkeys contain no hidden structure. Blowfish was used as the default cipher in OpenVPN (BF-CBC mode) until version 2.4.0 (2017), when it was superseded by AES-256-GCM.

Blowfish's key setup is intentionally slow — it requires 521 block encryptions of itself to derive the subkeys — which makes brute-force key searches expensive but also makes the cipher unsuitable for applications that need to generate many keys rapidly (bcrypt, which uses a modified “Eksblowfish” variant, exploits this property for password hashing with a configurable cost factor of 4 through 31, each increment doubling the key-setup time). Blowfish's primary limitation is its 64-bit block size: the Sweet32 attack (CVE-2016-2183, Bhargavan and Leurent, 2016) demonstrated that encrypting 32 GB of data under the same CBC key creates a statistically significant probability of birthday-bound block collisions, allowing plaintext recovery from captured traffic.

Key Features

  • Variable key length: 32 to 448 bits in 8-bit increments — the same 16-round Feistel structure scales across all key lengths, with performance only affected by the one-time key setup, not by per-block encryption
  • Pi-derived key schedule: all subkeys initialized from hex digits of pi before key material is mixed in, ensuring the key schedule has a transparent, public initialization with no hidden weak-key trapdoors
  • Fast per-block throughput on 32-bit hardware: designed before AES-NI, Blowfish is competitive in pure software on 32-bit platforms where AES hardware acceleration is unavailable
  • bcrypt lineage: the Eksblowfish key setup used in bcrypt password hashing (OpenBSD 1999) derives from Blowfish's slow subkey generation — enabling work-factor tuning independent of the underlying block cipher

Encryption Modes

  • CBC: Cipher Block Chaining for Blowfish — each 64-bit plaintext block is XORed with the previous ciphertext block (the IV for the first block) before it passes through the 16 Feistel rounds. The Sweet32 limit applies: after approximately 32 GB of data encrypted under the same CBC key, the birthday bound (2^32 blocks) is reached and block collisions become statistically exploitable. For any session or key that will exceed 32 GB, switch to AES-256-GCM or re-key before hitting the threshold.
  • ECB: Electronic Codebook for Blowfish — each 8-byte (64-bit) block is processed independently through all 16 Feistel rounds using the same derived subkeys. ECB reveals patterns when identical 8-byte blocks appear in the plaintext. Use only for single-block operations like testing, token encryption, or wrapping a 64-bit key material segment.
  • CFB: Cipher Feedback for Blowfish — Blowfish's block function encrypts the running ciphertext (starting from the IV) and the top n bits of its output are XORed with the next n plaintext bits. Suitable for streaming, error-propagating data under the same 32 GB per-key Sweet32 constraint as CBC; re-key before reaching the 2^32-block birthday bound.
  • OFB: Output Feedback for Blowfish — Blowfish's block function iterates on the feedback register (initialized from IV) independently of the plaintext, generating a deterministic keystream. Unlike CBC and CFB, OFB error does not propagate, but the 2^32-block keystream cycle limit (64-bit internal state birthday bound) still applies; re-key before exhausting the keystream.

Algorithm Comparison

Algorithm   Key Length         Block Size   Security    Speed
Blowfish    32-448 bits        64 bits      Good        Fast
AES         128/192/256 bits   128 bits     Excellent   Fast
DES         56 bits            64 bits      Weak        Fast
3DES        112/168 bits       64 bits      Medium      Slow

Security Considerations

  • Sweet32 (CVE-2016-2183, Bhargavan and Leurent, 2016): Blowfish's 64-bit blocks make CBC-mode encryption vulnerable to birthday-bound attacks after approximately 32 GB of traffic under the same key. The researchers demonstrated a live exploit against HTTPS sessions using Triple-DES and Blowfish. The threshold is 2^32 blocks = 32 GiB; any CBC key must be rotated before reaching this limit.
  • OpenVPN deprecated BF-CBC as default in version 2.4.0 (2017) following the Sweet32 disclosure, replacing it with AES-256-GCM as the recommended cipher. OpenVPN connections using BF-CBC now generate deprecation warnings. Legacy VPN configurations and archived traffic may still use BF-CBC and require Blowfish for access.
  • No algorithmic attack breaks all 16 rounds of Blowfish. The cipher has resisted differential and linear cryptanalysis for over three decades. The only practical concern is the 64-bit block Sweet32 issue for bulk data — the Feistel structure and S-box design remain cryptographically sound against known attacks.
  • For all new applications requiring a block cipher, use AES-128-GCM or AES-256-GCM. Blowfish is appropriate for decrypting legacy BF-CBC data (OpenVPN archives, old PGP implementations), bcrypt-adjacent testing (understanding Eksblowfish), or cryptographic education about the trade-offs that led to the AES competition.
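The pi-derived key schedule described in the introduction (18-word P-array, four 256-word S-boxes, 521 self-encryptions) and the per-key data budget that the CBC and Sweet32 notes above call for, as an added Python example that is not CoderTools' own code or the tool's implementation. The pi words are computed from Machin's formula rather than pasted in as constants, so the initialisation is checkable (the first P-array word should be 0x243F6A88, the first S-box word 0xD1310BA6); the `BlowfishCBC` wrapper and its `block_limit` are a hypothetical re-key guard written for this example, not a standard API, and its default of 2^32 blocks is the 32 GiB Sweet32 bound from the text.

```python
"""Pure-Python Blowfish with a Sweet32-aware CBC wrapper (added example, not CoderTools' code)."""
import functools
import os
import struct

MASK32 = 0xFFFFFFFF
SWEET32_BLOCK_LIMIT = 1 << 32          # 2^32 eight-byte blocks = 32 GiB under one key


def _arctan_inv(x, scale):
    """scale * arctan(1/x) as a fixed-point integer (truncating Taylor series)."""
    total, power, k, sign = 0, scale // x, 0, 1
    while power:
        total += sign * (power // (2 * k + 1))
        power //= x * x
        k += 1
        sign = -sign
    return total


@functools.lru_cache(maxsize=None)
def pi_fraction_words(n):
    """First n 32-bit words of the fractional hex expansion of pi: 0x243F6A88, 0x85A308D3, ..."""
    guard = 64                                   # spare bits absorb the series' truncation error
    scale = 1 << (32 * n + guard)
    pi_fixed = 16 * _arctan_inv(5, scale) - 4 * _arctan_inv(239, scale)   # Machin's formula
    frac = (pi_fixed & (scale - 1)) >> guard     # drop the integer part (3) and the guard bits
    return [(frac >> (32 * (n - 1 - i))) & MASK32 for i in range(n)]


class Blowfish:
    def __init__(self, key):
        if not 4 <= len(key) <= 56:
            raise ValueError("Blowfish key must be 4..56 bytes")
        words = pi_fraction_words(18 + 4 * 256)  # 1042 words of pi: P-array then S0..S3
        self.P = words[:18]
        self.S = [words[18 + 256 * i: 18 + 256 * (i + 1)] for i in range(4)]
        j = 0                                    # XOR the key, cycled as needed, into the P-array
        for i in range(18):
            chunk = 0
            for _ in range(4):
                chunk = (chunk << 8) | key[j]
                j = (j + 1) % len(key)
            self.P[i] ^= chunk
        self.setup_encryptions = 0               # the text's 521 = 9 (P) + 4 * 128 (S-boxes)
        l = r = 0                                # replace every subkey by encrypting a running block
        for table in [self.P] + self.S:
            for i in range(0, len(table), 2):
                l, r = self._encrypt_words(l, r)
                self.setup_encryptions += 1
                table[i], table[i + 1] = l, r

    def _f(self, x):
        """Round function: ((S0[a] + S1[b]) ^ S2[c]) + S3[d] mod 2^32 over the four bytes of x."""
        S = self.S
        h = (S[0][x >> 24] + S[1][(x >> 16) & 0xFF]) & MASK32
        return ((h ^ S[2][(x >> 8) & 0xFF]) + S[3][x & 0xFF]) & MASK32

    def _encrypt_words(self, l, r):
        for i in range(16):                      # 16 Feistel rounds
            l ^= self.P[i]
            r ^= self._f(l)
            l, r = r, l
        return r ^ self.P[17], l ^ self.P[16]    # undo the last swap, whiten with P[16], P[17]

    def _decrypt_words(self, l, r):
        for i in range(17, 1, -1):               # same rounds with the subkeys in reverse order
            l ^= self.P[i]
            r ^= self._f(l)
            l, r = r, l
        return r ^ self.P[0], l ^ self.P[1]

    def encrypt_block(self, block):
        return struct.pack(">II", *self._encrypt_words(*struct.unpack(">II", block)))

    def decrypt_block(self, block):
        return struct.pack(">II", *self._decrypt_words(*struct.unpack(">II", block)))


class BlowfishCBC:
    """CBC with PKCS#7 padding and a per-key block budget (hypothetical re-key guard)."""

    def __init__(self, key, block_limit=SWEET32_BLOCK_LIMIT):
        self.cipher = Blowfish(key)
        self.block_limit = block_limit
        self.blocks_used = 0                     # blocks already encrypted under this key

    def encrypt(self, plaintext, iv=None):
        iv = iv or os.urandom(8)
        pad = 8 - len(plaintext) % 8
        data = plaintext + bytes([pad]) * pad
        if self.blocks_used + len(data) // 8 > self.block_limit:
            raise RuntimeError("per-key block budget exhausted: re-key before the birthday bound")
        out, prev = [], iv
        for i in range(0, len(data), 8):         # C_i = E(P_i XOR C_{i-1}), C_0 = IV
            prev = self.cipher.encrypt_block(bytes(a ^ b for a, b in zip(data[i:i + 8], prev)))
            out.append(prev)
        self.blocks_used += len(data) // 8
        return iv + b"".join(out)

    def decrypt(self, ciphertext):
        iv, body = ciphertext[:8], ciphertext[8:]
        out, prev = [], iv
        for i in range(0, len(body), 8):
            block = body[i:i + 8]
            out.append(bytes(a ^ b for a, b in zip(self.cipher.decrypt_block(block), prev)))
            prev = block
        data = b"".join(out)
        if not data or not 1 <= data[-1] <= 8:
            raise ValueError("bad padding")
        return data[:-data[-1]]
```

With an all-zero 8-byte key, encrypting the all-zero block gives the published test vector 4EF997456198DD78, which confirms both the pi computation and the Feistel rounds; `setup_encryptions` reports the 521 self-encryptions the text mentions. The `block_limit` check is the kind of control a long-lived BF-CBC session needs: the Sweet32 threshold is a property of the key, so the counter must persist for the key's lifetime, not per message.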

Use Cases

  • Password hashing heritage (bcrypt): bcrypt (Niels Provos and David Mazieres, 1999) uses a modified Eksblowfish key setup that accepts a cost factor and a 128-bit salt, producing a 184-bit output hash; understanding the underlying Blowfish key scheduling is essential to understanding bcrypt's security model
  • OpenVPN legacy archive decryption: OpenVPN configurations from 2016 and earlier that used BF-CBC as the default data channel cipher generate traffic that requires the original BF-CBC implementation to decrypt; migrating these archives to AES-256-GCM requires first decrypting the BF-CBC layer
  • Low-resource embedded systems: Blowfish's small code footprint and 32-bit-optimized design make it deployable on microcontrollers where AES-NI is unavailable and RAM is insufficient for AES-256 key schedule expansion, provided per-key data volumes stay well below the 32 GB Sweet32 threshold
  • Cryptography education: Blowfish's transparently documented structure (pi subkey derivation, S-box substitution, Feistel round function) and 30-year attack history make it an ideal teaching example of symmetric cipher design trade-offs between key-setup cost, per-block speed, and block-size security margins
