Stack Overflow
Stack Overflow

Questions tagged [blowfish]

Blowfish is a block cipher designed in 1993 to be fast on the general purpose CPUs of the time. It features a 64 bits block size and a variable key size up to 448 bits.

One should likely not use use Blowfish in any new designs, to quote Bruce Schneier its designer in a 2007 interview,

There weren't enough alternatives to DES out there. I wrote Blowfish as such an alternative, but I didn't even know if it would survive a year of cryptanalysis. Writing encryption algorithms is hard, and it's always amazing if one you write actually turns out to be secure. At this point, though, I'm amazed it's still being used. If people ask, I recommend Twofish instead.

One should note that Twofish was one of the losing contestant to the AES competition, so the general cryptography community would likely recommend instead of .

Wikipedia page on Blowfish

460 questions
143
votes
9 answers

Comparison of DES, Triple DES, AES, blowfish encryption for data

Does anyone have pros and cons together for comparing these encryption algorithms ?
yogsma
  • 10,142
  • 31
  • 97
  • 154
111
votes
7 answers

AES vs Blowfish for file encryption

I want to encrypt a binary file. My goal is that to prevent anyone to read the file who doesn't have the password. Which is the better solution, AES or Blowfish with the same key length? We can assume that the attacker has great resources…
mimrock
  • 4,813
  • 8
  • 32
  • 35
95
votes
3 answers

How to hash long passwords (>72 characters) with blowfish

The last week I read a lot articles about password hashing and Blowfish seems to be (one of) the best hashing algorithm right now - but that's not the topic of this question! The 72 character limit Blowfish only consider the first 72 characters in…
Frederik Kammer
  • 3,117
  • 3
  • 28
  • 29
32
votes
7 answers

What is a blowfish secret in phpMyAdmin?

About setting up the config.inc.php, the official phpMyAdmin docs says $cfg['blowfish_secret'] = 'theExampleWrites16ValuesHere'; // use here a value of your choice What is a blowfish secret? How do I generate, or choose, a value?
Muteking
  • 1,465
  • 5
  • 18
  • 31
30
votes
4 answers

Why does crypt/blowfish generate the same hash with two different salts?

This question has to do with PHP's implementation of crypt(). For this question, the first 7 characters of the salt are not counted, so a salt '$2a$07$a' would be said to have a length of 1, as it is only 1 character of salt and seven characters of…
Dereleased
  • 9,939
  • 3
  • 35
  • 51
27
votes
2 answers

How to create and store password hashes with Blowfish in PHP

1) How do you create secure Blowfish hashes of passwords with crypt()? $hash = crypt('somePassword', '$2a$07$nGYCCmhrzjrgdcxjH$'); 1a) What is the significance of "$2a"? Does it just indicate that the Blowfish algorithm should be used? 1b) What is…
user479911
25
votes
3 answers

Is Bcrypt used for Hashing or Encryption? A bit of confusion

I have been reading about bcrypt (application perspective). Thinking of using it to store passwords on my site. Out of some stuff that I read it suggests either ways: e.g. 1: Bcrypt is a cross platform file encryption utility from bcrypt e.g. 2:…
ThinkingMonkey
  • 12,539
  • 13
  • 57
  • 81
25
votes
3 answers

PASSWORD_DEFAULT vs PASSWORD_BCRYPT

What is the difference between PASSWORD_DEFAULT and PASSWORD_BCRYPT? Do they both use Blowfish encryption algorithm? What is cost in an algorithm? How to set up password_hash in PHP produce a 255-hash length instead of 60?
rexhin
  • 409
  • 1
  • 4
  • 11
18
votes
1 answer

Crypt for password hashing. Blowfish produces weird output

I am having a bit little bit of trouble understanding php's crypt function. My PHP version is 5.4.7. I want to use crypt to store salted passwords in the database, because as far as I am told, developers who use md5 to hash passwords are to be…
Anpan
  • 1,146
  • 1
  • 10
  • 20
17
votes
1 answer

BCrypt: How to determine whether two hashes refer to the same password

I wonder how BCrypt can infer the correctness of a entered password, if the generated hash is different for each run? Example: Given password: "password123" Lets say, I hash the given password 10 times and receive:…
Tunguska
  • 1,205
  • 3
  • 18
  • 37
16
votes
4 answers

Encryption with BlowFish in Java

Following code works fine for me to encrypt a string with the BlowFish encryption. // create a key generator based upon the Blowfish cipher KeyGenerator keygenerator = KeyGenerator.getInstance("Blowfish"); // create a key …
StefanE
  • 7,578
  • 10
  • 48
  • 75
15
votes
1 answer

What is the correct format for a blowfish salt using PHP's crypt?

I have read the information provided on the PHP Manual Entry for crypt(), but I find myself still unsure of the format for a salt to trigger the Blowfish algorithm. According manual entry, I should use '$2$' or '$2a$' as the start of a 16 character…
Dereleased
  • 9,939
  • 3
  • 35
  • 51
14
votes
1 answer

Using Blowfish Encryption within .NET

I am working on a project where I need to undertake Blowfish encryption and decryption. Is there anything out there that others are using to do this within but cannot find anything within a .NET C# environment? I would ideally like something does…
Cragly
  • 3,554
  • 9
  • 45
  • 59
13
votes
3 answers

Why does the Blowfish output in Java and PHP differ by only 2 chars?

I have a blowfish encryption script in PHP and JAVA vice versa that was working fine until today when I came across a problem. The same content is encrypted differently in Java vs PHP by only 2 chars, which is really…
Pentium10
  • 204,586
  • 122
  • 423
  • 502
10
votes
2 answers

How to use BouncyCastle in C# for Blowfish one-way hashing?

I've seen a ton of questions asked about Blowfish and C# and the usual answer is BouncyCastle. However, the project has basically no documentation and I can't find my way around the directory structure to even find unit tests as examples. I mean, is…
Earlz
  • 62,085
  • 98
  • 303
  • 499
1
2 3
30 31