Blowfish
Designer
Bruce Schneier
Published:
1994
Alias:
"OpenPGP.Cipher.4"
References:
- [Def] Bruce Schneier
- "Description of a New Variable-Length Key, 64-Bit Cipher (Blowfish),"
- Fast Software Encryption, Cambridge Security Workshop Proceedings, pp. 191-204. Springer-Verlag, 1994.
- [Inf] Bruce Schneier,
- "Blowfish -- One Year Later,"
- "Section 14.3 Blowfish,"
- Applied Cryptography, Second Edition, John Wiley & Sons, 1996.
- (Note: the C source in the appendix contains a ; this bug is not present in Eric Young's C reference implementation.)
- [An] S. Vaudenay
- "On the weak keys of Blowfish,"
- Fast Software Encryption, Third International Workshop, Volume 1008 of Lecture Notes in Computer Science (B. Preneel, ed.), pp. 286-297. Springer-Verlag, 1995.
- [Test] Eric Young,
- Blowfish test vectors,
- ctors.txt>
- Key length: Minimum 32, maximum 448, multiple of 8 bits; default 128 bits.
- Block size: 8 bytes.
Security comment:
The weak keys described in S. Vaudenay's paper do not appear to be significant for full (16-round) Blowfish.
Variant:
"Blowfish-ISK" - the subkeys are specified (using the notation of Applied Cryptography) as P1..18 first, followed by S1, 0..255, S2, 0..255, S3, 0..255, and S4, 0..255. Each entry is represented as 4 bytes in big-endian order.
Weak keys may be avoided by ensuring that no S-box has duplicate entries (i.e. that there does not exist i, j, k where j != k such that Si, j = Si, k). |
