Stack Overflow
Stack Overflow

Questions tagged [blowfish]

Blowfish is a block cipher designed in 1993 to be fast on the general purpose CPUs of the time. It features a 64 bits block size and a variable key size up to 448 bits.

One should likely not use use Blowfish in any new designs, to quote Bruce Schneier its designer in a 2007 interview,

There weren't enough alternatives to DES out there. I wrote Blowfish as such an alternative, but I didn't even know if it would survive a year of cryptanalysis. Writing encryption algorithms is hard, and it's always amazing if one you write actually turns out to be secure. At this point, though, I'm amazed it's still being used. If people ask, I recommend Twofish instead.

One should note that Twofish was one of the losing contestant to the AES competition, so the general cryptography community would likely recommend instead of .

Wikipedia page on Blowfish

460 questions
6
votes
2 answers

Is there any way to use bcrypt "hashing" in PHP 5.2?

I'm running a website with password hashing, but I think the current algorithm is insufficient. I tried to use PHP's crypt() with the blowfish option, but my PHP version is only 5.2 so CRYPT_BLOWFISH is not enabled. I've seen 3rd party libraries…
user887068
  • 133
  • 1
  • 6
6
votes
2 answers

jBCrypt serious issue with checkpw (return true when it shouldn't?)

EDIT: Ok so I've somewhat found an answer here BCrypt says long, similar passwords are equivalent - problem with me, the gem, or the field of cryptography? New question though, how can someone recommend using bCrypt for hashing if you have to limit…
jfrobishow
  • 2,897
  • 2
  • 27
  • 42
6
votes
1 answer

Moving from mcrypt with Blowfish & ECB to OpenSSL

In the (not too distant) past a decision has been made (by someone who longer works here) to always 'encrypt' database IDs to something else, on the fly, whenever it was needed for external communication. Now, we've moved from PHP 5.x to PHP 7.0 for…
Mave
  • 2,413
  • 3
  • 28
  • 54
6
votes
2 answers

PHP Secure Session

I'm creating an application similar to phpmyadmin (database management UI). The user needs to authenticate himself against the database and the application needs to store the credentials somehow. SSL is not an option for all installs. Idea 1: User…
halfdan
  • 33,545
  • 8
  • 78
  • 87
6
votes
2 answers

How is crypt($pass, '$2y$09$salt') === crypt($pass, crypt($pass, '$2y$09$salt')) in PHP?

I'm ok really confused on the crypt() PHP function. How does the following two crypt functions give the same output when the second crypt is clearly using an different 2nd argument? Diff salt means diff hash right? echo crypt("password",…
user3388884
  • 4,748
  • 9
  • 25
  • 34
6
votes
3 answers

C# blowfish encryption/decryption

Anyone got a link to a blowfish library which can encrypt/decrypt text ? I found some .dll's for Windows and used pinvoke to encrypt/decrypt text but those dll's doesn't work on linux (mono). Preferable I want a library to work on both windows and…
ravedome
  • 69
  • 1
  • 1
  • 2
6
votes
3 answers

How to implement Blowfish algorithm in iOS

What is the best way to implement BlowFish ECB encryption in iOS??? I have been googling a lot and found the library here. But there are no documentation of this library. Not sure how to use it.
Ratikanta Patra
  • 1,177
  • 7
  • 18
6
votes
2 answers

Using Blowfish for Encryption with PHP

I am working on a registration form where I need to encrypt password, I've heard that it is recommended for me to use the Blowfish encryption for passwords, How do you implement a blowfish encryption using PHP crypt() function? also, I am planning…
KyelJmD
  • 4,682
  • 9
  • 54
  • 77
5
votes
1 answer

Encrypt string with Blowfish in NodeJS

I need to encrypt a string but I almost get the output I desire, I read online that it has something to do with padding and iv_vector at the end to complete for the remaining 8 bytes to be same length as txtToEncrypt. I'm using this library…
Hassan Ila
  • 574
  • 1
  • 6
  • 20
5
votes
2 answers

Choosing a encryption key from Diffie-Hellman output

I implemented Diffie–Hellman key exchange in Java with some large groups from RFC 3526. My output is a fairly large array of bytes. Is it safe to use the first 448 bits (56 bytes) of the output for a blowfish key? Should I transform the bytes in any…
Eric Lathrop
  • 1,338
  • 11
  • 18
5
votes
2 answers

php crypt() blowfish salt length backward compatible

I used crypt() to hash password, with a blowfish salt like this: $2a$, 2 digits, $, 21 chars in [a-zA-Z0-9] Here I made a mistake that chars length after third $ is 21 not 22. But it worked fine so I didn't find the error. It works on my desktop…
Jacky Jou
  • 331
  • 2
  • 9
5
votes
1 answer

jsfiddle - phising warning in chrome

I'm getting this message after I press "run": Reported Phishing Website Ahead! Google Chrome has blocked access to fiddle.jshell.net. This website has been reported as a phishing website. Phishing websites are designed to trick you into…
thelolcat
  • 10,995
  • 21
  • 60
  • 102
5
votes
3 answers

CakePHP - How do I implement blowfish hashing for passwords?

Struggling to find answers to a few basic questions about using Blowfish in Cake 2.4. AppController.php public $components = array( 'Auth' => array( 'authenticate' => array( 'Form' => array( 'fields' =>…
BadHorsie
  • 14,135
  • 30
  • 117
  • 191
5
votes
4 answers

PHP crypt() Blowfish Function Not Working

This is my first time using the crypt() function in PHP, and I can't figure out why it isn't working. My code is based on this article: http://www.techrepublic.com/blog/australia/securing-passwords-with-blowfish/1274 function blowfishHash ($pw) { …
Joel G
  • 67
  • 1
  • 7
5
votes
3 answers

How to automatically generate salt for crypt method with blowfish

I have just started learning PHP and I want to create a website with a login for my final year university project. I've read that blowfish is the best method for hashing in a number of places like here: openssl_digest vs hash vs hash_hmac?…
Connel
  • 1,844
  • 4
  • 23
  • 36
1 2
3
30 31