Blowfish Algorithm: An Interesting Overview In 7 Points
Introduction
Every 39 seconds, a hacker tries to get past the security of a system. Around 300,000 new malware is created every day in 2021. It is just a tiny part of the massive pool of hacking statistics of 2021. Every year companies spend millions, and in some big MNCs, billions of dollars to keep their systems safe from hackers. The world never felt so globally connected as it is now.
At the same time, it has become more scary and vulnerable. As a result, companies and individuals are looking for a way to keep their information hidden from hackers. And in their efforts to find methods to keep their systems safe, engineers come up with new forms of encryptions every once in a while, creating more complex encryptions than those previously seen.
In the same way, one of the researchers was able to create symmetric key encryption in 1993 and gave it the name of the Blowfish algorithm. The Blowfish algorithm was a massive jump in securing the online systems from breaches and malicious attacks. But as the year passed and hackers found their way around encryptions, its days of glory were over. And some other encryption, which was more complex and hard to decipher, replaced it. Even today, the same cycle continues.
Table of Contents
- What is the Blowfish Algorithm?
- Advantages of Using Blowfish Algorithm
- Steps of Blowfish Algorithm
- Use of Blowfish Algorithm in Java
- Blowfish Algorithm Explanation
- Blowfish Algorithm Encryption and Decryption
- Blowfish Algorithm Applications
Today we will be taking a trip down memory lane and dive deep in search of the true strength of the Blowfish Algorithm. And how the blowfish algorithm made the internet a secure place in the early 2000s. Indeed at that time, it was the best encryption technique. But is it still possible in the connected smart world of 2021? Let us find out.
1. What is the Blowfish Algorithm?
The Blowfish algorithm has many names, including Blowfish encryption, Blowfish cipher, or others, but they all have the same meaning and function. So let’s talk about the Blowfish algorithm and try to find one true definition.
A blowfish is one of the many symmetric keyed cryptographic encryption methods. It was designed and developed by Bruce Schneier in 1993.
Also, he placed the Blowfish algorithm in the public domain, which means anyone can use it without asking for his permission. Therefore, he didn’t patent the algorithm and didn’t make a single buck from it—a true hero of the modern world.
Once the Blowfish algorithm got included in several cipher suites and encryption products, vulnerabilities were found. Schneier worked on these vulnerabilities and made a better and more reliable encryption called AES.
We completely support the statement that without the development of the Blowfish algorithm, there won’t be AES or other symmetric encryption techniques used today to keep our computers safe from online attacks.
Blowfish Algorithm Definition
With the internet booming, people started using it for various confidential purposes. It was clear that some form of protection was needed while sending and receiving data via the internet. As a result, engineers and network administrators started looking for different methods for secure data transfer.
But encryption of data is preferred by most people worldwide. In the race to find the best encryption, Bruce Schneier was the first person to develop the symmetric encryption algorithm.
Symmetric encryption means that the key used to encrypt and decrypt data is the same. In the Blowfish algorithm, the encryption key and the decryption key convert confidential data into ciphertext. Blowfish is the godfather of the Twofish encryption algorithm and AES.
Blowfish also uses a block size of 64 that provides massive complexity, making the key entirely secure. Twofish did fix some issues with its updated and much larger 128 block size implementation. But still, it lacks the speed that some users look for in their encryption.
2. Advantages of Using Blowfish Algorithm
Now that you know, Blowfish is an algorithm that determines the key to output a cryptographic algorithm or a cipher. Since its inception, the Blowfish cipher has been gaining significance in encryption. We present the reasons below for why it is still widely used when it is 20 years old.
License-Free
The first thing we must consider is the availability of Blowfish encryption in the public domain. It is the fastest block cipher currently available for free. Thus, making it an ideal product for various computer processors and mobile processors. They process large amounts of data each second to help us reach the information we need every day.
Feistel Structure
Feistel is the method by which you can quickly transform any function into a permutation. Even in 2021, it remains one of the best methods of permutation in many block cipher-based encryption.
3. Steps of Blowfish Algorithm
Blowfish algorithm uses 64-bit block size, and the length of the key generated is somewhere between 32 bits to 448 bits. There are two parts to the algorithm. One is the key expansion part and the second one for data encryption.
Once it receives the request, the key expansion converts the 448 bits of a key into subkeys, leading the array to become 4168 bytes large.
Now for data encryption, the algorithm uses a 16 round Feistel cipher along with large key-dependent S-boxes. The S-boxes are essential components of the symmetric key algorithms, which work with the substitution method.
Every round of substitution in the S-boxes has its permutation key-dependent. The structure of the algorithm is similar to CAST-128 that uses fixed S-boxes.
Given below is the code that you can use to embed Blowfish in your code to make it secure by symmetric encryption:
*
Blowfish algorithm. Written 1997 by Paul Kocher (paul@cryptography.com).
This code and the algorithm are in the public domain.
*/
#define MAXKEYBYTES 56 /* 448 bits */
#define N 16
typedef struct {
uint32_t P[16 + 2];
uint32_t S[4][256];
} BLOWFISH_CTX;
unsigned long
F(BLOWFISH_CTX *ctx, uint32_t x)
{
uint16_t a, b, c, d;
uint32_t y;
d = x & 0x00FF;
x >>= 8;
c = x & 0x00FF;
x >>= 8;
b = x & 0x00FF;
x >>= 8;
a = x & 0x00FF;
y = ctx->S[0][a] + ctx->S[1][b];
y = y ^ ctx->S[2][c];
y = y + ctx->S[3][d];
return y;
}
void
Blowfish_Encrypt(BLOWFISH_CTX *ctx, uint32_t *xl, uint32_t *xr)
{
uint32_t Xl;
uint32_t Xr;
uint32_t temp;
int ii;
Xl = *xl;
Xr = *xr;
for (i = 0; i < N; ++i)
{
Xl = Xl ^ ctx->P[i];
Xr = F(ctx, Xl) ^ Xr;
temp = Xl;
Xl = Xr;
Xr = temp;
}
temp = Xl;
Xl = Xr;
Xr = temp;
Xr = Xr ^ ctx->P[N];
Xl = Xl ^ ctx->P[N + 1];
*xl = Xl;
*xr = Xr;
}
void
Blowfish_Decrypt(BLOWFISH_CTX *ctx, uint32_t *xl, uint32_t *xr)
{
uint32_t Xl;
uint32_t Xr;
uint32_t temp;
int ii;
Xl = *xl;
Xr = *xr;
for (i = N + 1; i > 1; –i)
{
Xl = Xl ^ ctx->P[i];
Xr = F(ctx, Xl) ^ Xr;
temp = Xl;
Xl = Xr;
Xr = temp;
}
temp = Xl;
Xl = Xr;
Xr = temp;
Xr = Xr ^ ctx->P[1];
Xl = Xl ^ ctx->P[0];
*xl = Xl;
*xr = Xr;
}
void
Blowfish_Init(BLOWFISH_CTX *ctx, uint16_t *key, int KeyLen)
{
uint32_t Xl;
{
int i, j, k;
uint32_t data, datal, datar;
for (i = 0; i < 4; i++)
{
for (j = 0; j < 256; j++) ctx->S[i][j] = ORIG_S[i][j];
}
j = 0;
for (i = 0; i < N + 2; ++i)
{
data = 0x00000000;
for (k = 0; k < 4; ++k)
{
data = (data << 8) | key[j];
j = j + 1;
if (j >= keyLen) j = 0;
}
ctx->P[i] = ORIG_P[i] ^ data;
}
datal = 0x00000000;
datar = 0x00000000;
for (i = 0; i < N + 2; i += 2)
{
Blowfish_Encrypt(ctx, &datal, &datar);
ctx->P[i] = datal;
ctx->P[i + 1] = datar;
}
for (i = 0; i < 4; ++i)
{
for (j = 0; j < 256; j += 2)
{
Blowfish_Encrypt(ctx, &datal, &datar);
ctx->S[i][j] = datal;
ctx->S[i][j + 1] = datar;
}
}
}
int
Blowfish_Test(BLOWFISH_CTX *ctx)
{
uint32_t L = 1, R = 2;
Blowfish_Init(ctx, (unsigned char*)”TESTKEY”, 7);
Blowfish_Encrypt(ctx, &L, &R);
if (L != 0xDF333FD2L || R != 0x30A71BB4L) return (-1);
Blowfish_Decrypt(ctx, &L, &R);
if (L != 1 || R != 2) return (-1); return (0);
}
4. Use of Blowfish Algorithm in Java
Now that you have understood the Blowfish meaning and its code, the next step is to learn its implementation using Java Cryptography Architecture (JCA). It is the main framework of java encryption and decryption. It also does the hashing of the encryption, which allows us to work with the cryptographic functions with Java programming. There are two categories of encryption algorithms that work in Java. The first one is symmetric encryption, and the second is asymmetric.
The Blowfish algorithm in Java is a symmetric encryption algorithm that is considered one of the most robust defenses against hackers trying to penetrate the security of software developed in Java.
Step 1 – To use the Blowfish algorithm in Java, you first need to import all the libraries associated with it.
Import the following libraries:
- Import javax.crypto.Cipher;
- Import javax.crypto.spec.SecretKeySpec;
- Import java.util.Base64;
Step 2 – Now, you create your code and make a key string to use for the encryption and the decryption process. Also, your key needs to be a secret.
Step 3 – After you are done making the key, create the encryption class process to encrypt the entered data.
Step 4 – Create the decryption class below the encryption class and add comments to make it easier for others to understand the code.
Step 5 – Once you have written the decryption class, close everything and save your java file. Now run the code and enter the text you want to cipher. Once you enter the ciphertext, its encryption will be done by the encryption class, and a new text will appear, generated using the Blowfish algorithm in cryptography.
5. Blowfish Algorithm Explanation
Blowfish has two subkeys present in arrays: the P-array contains 18-entry, and S-boxes have four 256-entry. After that, S-boxes are used to accept the incoming 8-bit input, and it will produce an output of 32-bit. In each round, one of the P-arrays is used. After all the rounds are done, and only the final one is left, each half of the data block gets XORed with one of the P-entries not used till now.
Also, as we said in our advantage section, the Blowfish algorithm works on a Feistel network. As a result, by X07Ring P17 and to P18, we can quickly invert it. So it can cipher the given text block with a different encryption key. P-array and S-boxes do the initial phase of encryption. Then with the help of P-entries placed in order, we get to XORed the secret key. After that, we can use the same method to encrypt the data presented as zero strings.
P1 and P2 replace the consequential cipher present in the algorithm. Then again, P1 and P2 get encrypted by the new modified subkeys. Blowfish cipher works this whole task 521 times to develop new subkeys for the P-array and the four S-boxes. In this entire procedure, only 4KB of data is generated by the Blowfish algorithm.
6. Blowfish Algorithm Encryption and Decryption
If you look on the internet right now, most people use Google Chrome, while some work on Safari and Microsoft Edge. Each browser comes with cybersecurity features. However, when you use one of the widely used browsers, it is fair to say that the risk of malicious URLs is pretty severe. Even right now, Google has confirmed that their browser, Google Chrome, has a zero-day vulnerability. It means that threat actors have already got their way around the latest Google Chrome update and can exploit it whenever they want.
Encryption
Before we proceed any further, we need to talk about why we need encryption in the first place? Encryption is one of the processes used to encode the data so it can remain hidden from unauthorized individuals. As a result, its primary function is to protect the personal information of a person, company, or industry.
You might have installed an antivirus on your computer, and that’s one of the first things you need to do. But to make data sending and receiving more secure, you need encryption.
The process of encryption is pretty simple. All you have to do is make sure that nobody can open the file or read it until they have the encryption key. The encryption key is responsible for encrypting the data. Any algorithm you choose to create the encryption key must be complex and reliable. That’s where the Blowfish algorithm in cryptography comes in.
With the help of the Blowfish algorithm in cryptography, you get the encryption and the decryption keys to use one form of an algorithm. As a result, the key generated for encryption must be used in the decryption of the data.
The Blowfish algorithm helps encrypt massive amounts of data in a short time, and its implementation can be easily worked out on hardware. The only issue with the Blowfish algorithm is that if someone finds out the decryption key, they can easily use it to decrypt the data and steal or see the content not made for them.
Decryption
Once you have created the blowfish algorithm’s encryption structure, you can use the same structure for decryption. It is because the Blowfish cipher works on the principle of Feistel structure cipher. Yes, function F is involved; it is still a fixed function.
Each half of the plain text is alternatively exclusive or with a round key and exclusively stored with the output of the F function. Also, the switches on the sides of the halves do not contribute to the value of halves.
As a result, during the decryption process, the exclusive-or un-does the most recent exclusive-or performed during encryption. There is one more thing that needs to be seen here. During the decryption process, the final exclusive-or should not take place before the round functions begin.
7. Blowfish Algorithm Applications
With time, the Blowfish algorithm has indeed become somewhat outdated. But there are still different technical fields where you can use the Blowfish algorithm. Given below are some examples of where this algorithm can be used to protect data and its transfer.
Password Management
Password management is one of the best use cases of Blowfish algorithms. We all use passwords to log in to our favorite apps and website. From social media platforms, such as Facebook.com, Tumblr, Pinterest, Reddit, etc., to e-commerce websites like Amazon.com, Aliababa.com, eBay.com, etc., all these platforms use the Blowfish algorithm in cryptography one way or the other to protect your user ID.
On the other hand, password management has to be done by a symmetric encryption algorithm. The main reason is that users don’t have to worry about finding and typing the new password every time they log in. Also, it will be much easier for the servers to maintain the information on the login IDs and the corresponding passwords.
The Blowfish algorithm used in password protection is pretty reliable. There’s a slight chance of your password being compromised. If you want to make sure that the password and login information is more secure, you can opt for two-step verification. The website will send you an OTP on your mobile phone or email to give you access to your homepage. The OTP sent to you and the OTP you type are the same, which shows that even in two-step verification, a symmetric encryption algorithm has been used.
Some useful password management tools currently using the Blowfish algorithm are Access manager, Java PasswordSafe, Web Confidential, etc.
Backup Tools
The software that backs up the company’s data needs to be highly secure. No attacker should be able to trespass the back tools to get to your data and delete it. It is one of the scenarios exploited quite often as companies don’t take the security of their backup tools seriously. That gives hackers an advantage. With the help of the Blowfish algorithm, backup tools can secure access. Thus, making sure that no unwanted person can reach the company’s archived files. Backup software using the Blowfish encryption algorithm is Symantec NetBackup and Backup for Workgroups.
Operating Systems
Linux, which is an open-source operating system, uses the Blowfish algorithm in various ways to keep its files secured. Linux is one of the preferable OS options for white hat hackers since most threat actors also use the same operating system to connect with and manipulate targeted systems. Apart from Linux, even OpenBSD takes the help of a Blowfish encryption algorithm to protect its data and users.
File and Disk Encryption
As we have said earlier, the Blowfish algorithm is pretty fast compared to other symmetric algorithms like Twofish and DES. But with speed, you lose complexity. As a result, essential documents sent over the internet have different encryptions. The files present in the company’s server are encrypted using the Blowfish algorithm. So no matter how big the files are in terms of size, they can be encrypted easily and in a short amount of time.
Also, when companies try to encrypt massive data, they are looking for a tool and an algorithm that they can easily understand and implement. It means the software to encrypt and decrypt the data must be easy to use and quick to finish both encryption and decryption. Thus, some of the industry-leading disk encryption software currently using blowfish algorithms are GnuPG, Bcrypt, and CryptoForge.
Miscellaneous
The industries and software mentioned above are the primary examples of where blowfish algorithms keep users and high-risk systems safe from attacks. In addition to this, email encryption such as A-lock and SecuMail is using it. Also, Secure Shell is software used to operate systems remotely over the network. The Blowfish algorithm is used for user authentication before giving them access to control their computers remotely. Some of the examples of Secure Shell systems using Blowfish are OpenSSH and PuTTY.
Conclusion
The Blowfish algorithm is one of the fastest symmetric cryptography techniques, which is still relevant and firmly holds its position as the fastest. In terms of decryption of data, the blowfish algorithm lacks some speed. Apart from this minor issue, it is the best, and every network administrator and software developer must know how to implement it with their work and code.
If you are a beginner in software development and want to learn how to make your software more secure using the Blowfish algorithm, make sure you check out the Master Certification In Cybersecurity. The program teaches you all the aspects of keeping your software safe during the development and release phases.
