About

Blowfish is a symmetric-key block cipher designed by Bruce Schneier in 1993. It operates on 64-bit blocks using a variable-length key from 4 to 56 bytes. The algorithm employs a 16-round Feistel network with key-dependent S-boxes. Its key schedule is deliberately expensive: it requires 521 iterations of the encryption routine to derive the 18-entry P-array and four 256-entry S-boxes. This cost is a feature, not a bug. It makes brute-force attacks on short keys computationally painful. Misconfiguring the key or confusing encoding formats (Hex vs. Base64) is the most common source of decryption failures. This tool uses ECB mode with PKCS#7 padding. ECB is deterministic: identical plaintext blocks produce identical ciphertext blocks. For sensitive data requiring semantic security, consider CBC or CTR modes. This implementation is suitable for educational use, data obfuscation, and compatibility testing against Blowfish reference vectors.

Formulas

Blowfish encrypts a 64-bit plaintext block x by splitting it into two 32-bit halves x_L and x_R, then applying 16 rounds of the Feistel function:

For i = 1 to 16:
x_L = x_L ⊕ P_i
x_R = F(x_L) ⊕ x_R
Swap x_L, x_R

After 16 rounds, undo the last swap, then apply the final subkeys:

x_R = x_R ⊕ P₁₇
x_L = x_L ⊕ P₁₈

The Feistel function F splits a 32-bit input into four 8-bit quarters a, b, c, d and computes:

F(x_L) = ((S₁[a] + S₂[b]) mod 2³² ⊕ S₃[c]) + S₄[d]) mod 2³²

Where P₁…P₁₈ are the expanded subkeys, S₁…S₄ are the key-dependent S-boxes, and ⊕ denotes bitwise XOR. PKCS#7 padding appends n bytes of value n, where n = 8 − (len(plaintext) mod 8).

Reference Data

Parameter	Specification
Algorithm	Blowfish (Schneier, 1993)
Cipher Type	Symmetric-key block cipher
Block Size	64 bits (8 bytes)
Key Length	32 - 448 bits (4 - 56 bytes)
Rounds	16 (Feistel network)
P-array Size	18 × 32-bit subkeys
S-box Count	4 boxes × 256 entries
S-box Entry Size	32 bits
Key Schedule Cost	521 encryptions
Mode (this tool)	ECB (Electronic Codebook)
Padding (this tool)	PKCS#7
Output Encoding	Hexadecimal or Base64
Endianness	Big-endian
Year Published	1993
Patent Status	Unpatented, public domain
Successor	Twofish (AES finalist, 1998)
Common Uses	bcrypt password hashing, legacy VPNs, embedded systems
Known Weakness	64-bit block → birthday attack at 2³² blocks (~32 GB)
NIST Status	Not FIPS-approved (use AES for compliance)
Max Plaintext (this tool)	100 KB

Frequently Asked Questions

Three common causes: (1) The key used for decryption differs from the encryption key by even one character. Blowfish is sensitive to every byte of the key. (2) The encoding format (Hex vs. Base64) selected during decryption does not match the format used during encryption. A Hex-encoded ciphertext decoded as Base64 will produce incorrect bytes. (3) The ciphertext was truncated or modified. Even a single altered bit will corrupt the entire 64-bit block.

No. ECB mode encrypts each 64-bit block independently. Identical plaintext blocks always produce identical ciphertext blocks, which leaks structural patterns. The classic example is ECB-encrypted bitmap images where shapes remain visible. For data longer than one block or with repeating patterns, CBC, CTR, or GCM modes provide semantic security. This tool uses ECB for simplicity and interoperability testing.

A 64-bit block cipher encounters birthday-bound collisions after approximately 2³² blocks (32 GB of data). At that volume, block collisions leak plaintext information via the Sweet32 attack (CVE-2016-2183). For bulk encryption exceeding a few hundred megabytes, use AES (128-bit block size) instead.

Blowfish's key schedule requires 521 encryption operations to expand the key into usable subkeys. This is intentionally slow. For bcrypt (which uses Blowfish internally), this cost is amplified by a configurable work factor. A short 4-byte key still has only 2³² possibilities and is vulnerable. Use keys of at least 16 bytes (128 bits) for meaningful security.

Yes, if the other implementation also uses ECB mode, PKCS#7 padding (sometimes called PKCS#5 for 8-byte blocks), big-endian byte order, and the same key encoding (raw UTF-8 bytes). OpenSSL's bf-ecb mode with -nopad disabled matches this tool's output. If OpenSSL uses its custom EVP key derivation (with salt and MD5), the effective key will differ from the passphrase, causing decryption failure.

The Blowfish specification requires keys between 4 and 56 bytes. This tool enforces that range. Keys shorter than 4 bytes are rejected. Keys longer than 56 bytes are rejected. The key bytes are cycled through the 18-entry P-array during initialization, so shorter keys repeat more often, reducing effective entropy.