What is Blowfish? Who uses Blowfish?

Blowfish is the first symmetric encryption algorithm created by Bruce Schneier in 1993. Symmetric encryption uses a single encryption key to both encrypt and decrypt data. The sensitive data and the symmetric encryption key are utilized within the encryption algorithm to turn the sensitive data into ciphertext. Blowfish, along with its successor Twofish, was in the running to replace the Data Encryption Standard (DES) but failed due to the small size of its block. Blowfish uses a block size of 64, which is considered wholly insecure. Twofish fixed this issue, by implementing a block with a size of 128. Blowfish is much faster than DES, but it trades in its speed for security.

Products that use Blowfish

Though it is not as secure as other symmetric encryption algorithms, many products in many different areas of the Internet utilize Blowfish. Different types of products that Blowfish is a part of are:

  • Password Management: Password management software and systems protect and create passwords. Blowfish has been used in a variety of password management tools to both create passwords and encrypt saved passwords. Examples of password management tools using Blowfish include:
    • Access Manager
    • Java PasswordSafe
    • Web Confidential
  • File/Disk Encryption: Software that encrypts files or disks is extremely common today as so many organizations have sensitive data they need to keep secure. This software must be straightforward for use by companies and quick to finish the encryption process. Thus, Blowfish is utilized in these encryption systems often in products such as:
    • GnuPG
    • Bcrypt
    • CryptoForge
  • Backup Tools: Software that backs up vital infrastructure in an organization must have the ability to encrypt information in those backups. This is in case the backup contains sensitive information. Backup systems that use Blowfish are:
    • Symantec NetBackup
    • Backup for Workgroups
  • Email Encryption: Encryption for emails is extremely important on any device. Different IOS, Linux, and Windows software all use Blowfish for email encryption. Examples:
    • A-Lock
    • SecuMail
  • Operating System Examples:
    • Linux
    • OpenBSD
  • Secure Shell (SSH)Secure Shell is used to remotely access computer networks while authenticating the user through the use of encryption methods like Blowfish. Examples:

    • OpenSSH
    • PuTTY

Comparison Table

Advantages Disadvantages
  • Faster than other encryption algorithms, such as the Data Encryption Standard (DES)
  • Blowfish is unpatented and free to use. This means anyone can take and use Blowfish for whatever they want to
  • The Blowfish algorithm also has a lesser amount of operations to complete compared to other encryption algorithms
  • The key schedule of Blowfish takes a long time, but this can be advantageous, as brute force attacks are more difficult
  • The key schedule of Blowfish takes a long time, equivalent to encrypting 4KBs of data, which can be a disadvantage or an advantage. On the Disadvantage side, it takes a very long time to do
  • The small block size of Blowfish means that Birthday Attacks can occur and compromise the encryption algorithm
  • It is followed by Twofish, which was created to replace Blowfish, as it is better in most ways