Blowfish Encryption/Decryption
Online Blowfish encryption/decryption tool supporting variable key lengths (32-448 bits) and CBC/ECB/CFB/OFB modes.
Security Notice
Blowfish's 64-bit block size may be vulnerable to birthday attacks when encrypting large amounts of data. For new projects requiring maximum security, AES-256 is recommended.
About Blowfish Encryption
Blowfish is a symmetric-key block cipher designed by Bruce Schneier in 1993. It was one of the first secure block ciphers not subject to any patents, free for all to use.
Blowfish uses a 64-bit block size and supports variable key lengths from 32 to 448 bits. It employs a 16-round Feistel network structure, making it both fast and secure for most applications.
Key Features
- Variable Key Length: 32 to 448 bits (4 to 56 bytes), flexible security levels
- 64-bit Block Size: Processes data in 8-byte units
- 16-round Feistel Network: Provides strong diffusion and confusion
- Fast Encryption: Optimized for 32-bit processors, much faster than DES
Encryption Modes Explained
- CBC: Each plaintext block is XORed with the previous ciphertext block before encryption. Requires IV, most secure.
- ECB: Each block is encrypted independently. No IV needed, but identical plaintext produces identical ciphertext.
- CFB: Turns the block cipher into a stream cipher. Requires IV.
- OFB: Output feedback mode, turns block cipher into stream cipher. Requires IV.
Algorithm Comparison
| Algorithm | Key Length | Block Size | Security | Speed |
|---|---|---|---|---|
| Blowfish | 32-448 bits | 64 bits | Good | Fast |
| AES | 128/192/256 bits | 128 bits | Excellent | Fast |
| DES | 56 bits | 64 bits | Weak | Fast |
| 3DES | 112/168 bits | 64 bits | Medium | Slow |
Security Recommendations
- 1. Blowfish's 64-bit block size is vulnerable to birthday attacks when encrypting large data (>32GB) with the same key.
- 2. For new projects requiring maximum security, use AES or Blowfish's successor Twofish.
- 3. Always use CBC or other chaining modes instead of ECB for better security.
- 4. When using the same key, use a unique IV for each encryption operation.
Usage Scenarios
- Password Hashing: bcrypt is based on Blowfish, widely used for password storage
- File Encryption: Suitable for encrypting individual files and archives
- VPN & Secure Communication: Used in OpenVPN and other security protocols
- Legacy System Compatibility: Maintaining compatibility with Blowfish-based systems
FAQ
Is Blowfish secure?
Blowfish remains secure for most applications, but due to its 64-bit block size, it may be vulnerable to birthday attacks when encrypting large amounts of data. AES is recommended for new projects.
What's the difference between Blowfish and AES?
Blowfish uses 64-bit blocks with variable key lengths (32-448 bits), while AES uses 128-bit blocks with fixed key lengths (128/192/256 bits). AES is the current industry standard.
Why use an IV?
IV (Initialization Vector) randomizes encryption so identical data doesn't encrypt to identical output, preventing pattern analysis.
Is data uploaded to a server?
No. Everything runs in local JavaScript. Your privacy is protected.