Password Manager for Mobile Devices, Mac OS & Windows
Introduction to Blowfish
Blowfish is a keyed, symmetric cryptographic block cipher designed by Bruce Schneier in 1993 and placed in the public domain. Blowfish is included in a large number of cipher suites and encryption products, including SplashID. Blowfish’s security has been extensively tested and proven. As a public domain cipher, Blowfish has been subject to a significant amount of cryptanalysis, and full Blowfish encryption has never been broken. Blowfish is also one of the fastest block ciphers in public use, making it ideal for a product like SplashID that functions on a wide variety of processors found in mobile phones as well as in notebook and desktop computers.
Schneier designed Blowfish as a generalpurpose algorithm, intended as a replacement for the aging DES and free of the problems associated with other algorithms.
Notable features of the design include keydependent Sboxes and a highly complex key schedule.
How it works: the Blowfish algorithm
Blowfish has a 64bit block size and a key length of anywhere from 32 bits to 448 bits. It is a 16round Feistel cipher and uses large keydependent Sboxes. It is similar in structure to CAST128, which uses fixed Sboxes.
The diagram to the left shows the action of Blowfish.
Each line represents 32 bits. The algorithm keeps two subkey arrays:
the 18entry Parray and four 256entry Sboxes. The Sboxes accept
8bit input and produce 32bit output. One entry of the Parray
is used every round, and after the final round, each half of the
data block is XORed with
one of the two remaining unused Pentries.
The diagram to the right shows Blowfish's Ffunction.
The function splits the 32bit input into four eightbit quarters,
and uses the quarters as input to the Sboxes. The outputs are
added modulo 232
and XORed to produce the final 32bit output.
Since Blowfish is a Feistel network, it can be inverted
simply by XORing P17 and P18 to the ciphertext block, then using
the Pentries in reverse order. 
The Feistel structure of Blowfish 
Blowfish's key
schedule starts by initializing the Parray and Sboxes with values
derived from the hexadecimal digits
of pi, which
contain no obvious pattern. The secret key is then XORed with the Pentries
in order (cycling the key if necessary). A 64bit allzero block is
then encrypted with the algorithm as it stands. The resultant ciphertext
replaces P1 and P2. The ciphertext is then encrypted again with the
new subkeys, and P3 and P4 are replaced by the new ciphertext. This
continues, replacing the entire Parray and all the Sbox entries.
In all, the Blowfish encryption algorithm will run 521 times to generate
all the subkeys  about 4KB of data is processed.
Blowfish in practice
Blowfish is one of the fastest block ciphers in widespread use, except when changing keys. Each new key requires preprocessing equivalent to encrypting about 4 kilobytes of text, which is very slow compared to other block ciphers. This prevents its use in certain applications, but is not a problem in others, such as SplashID.
Blowfish is not subject to any patents and is therefore freely available for anyone to use. This has contributed to its popularity in cryptographic software.
For additional information, please visit Wikipedia


