Blowfish is a symmetric-key block cipher , designed in 1993 by Bruce Schneier and included in many cipher suites and encryption products. Blowfish provides a good encryption rate in software, and no effective cryptanalysis of it has been found to date for smaller files. It is recommended Blowfish should not be used to encrypt files larger than 4GB in size, Twofish should be used instead.
31-465: The SuperDisk LS-120 is a high-speed, high-capacity alternative to the 90 mm (3.5 in), 1.44 MB floppy disk . The SuperDisk hardware was created by 3M 's storage products group Imation in 1996, with manufacturing chiefly by Matsushita . The SuperDisk had little success in North America; with Compaq , Gateway and Dell being three of only a few OEMs who supported it. It
62-442: A 64-bit block size and therefore it could be vulnerable to Sweet32 birthday attacks. Schneier designed Blowfish as a general-purpose algorithm, intended as an alternative to the aging DES and free of the problems and constraints associated with other algorithms. At the time Blowfish was released, many other designs were proprietary, encumbered by patents , or were commercial or government secrets. Schneier has stated that "Blowfish
93-454: A 64-bit block size. The GnuPG project recommends that Blowfish not be used to encrypt files larger than 4 GB due to its small block size. A reduced-round variant of Blowfish is known to be susceptible to known-plaintext attacks on reflectively weak keys. Blowfish implementations use 16 rounds of encryption, and are not susceptible to this attack. Bruce Schneier has recommended migrating to his Blowfish successor, Twofish . Blowfish2
124-530: A CD drive available. They could both store massive numbers of drivers for installation purposes as well as be used to run live operating systems, such as ReactOS , which amounts to 150 MB. Megabyte The megabyte is a multiple of the unit byte for digital information. Its recommended unit symbol is MB . The unit prefix mega is a multiplier of 1 000 000 (10 ) in the International System of Units (SI). Therefore, one megabyte
155-516: A SuperDisk drive. These disks could be used in a SuperDisk drive only if formatted to PC 720 KB MFM format. Note that almost no USB floppy drives supported Mac GCR floppies. The biggest hurdle standing in the way of success was that Iomega's Zip drive had been out for three years when SuperDisk had been released. Zip had enough popularity to leave the public mostly uninterested in SuperDisk, despite its superior design and its compatibility with
186-440: A different number of rounds, as even though it increases security against an exhaustive attack, it weakens the security guaranteed by the algorithm. And given the slow initialization of the cipher with each change of key, it is granted a natural protection against brute-force attacks, which doesn't really justify key sizes longer than 448 bits. Blowfish is a fast block cipher , except when changing keys. Each new key requires
217-518: A magnetic head which is much smaller than those used in traditional floppy disk drives. Iomega orphaned the project around the time they decided to release the Zip drive in 1994. The idea eventually ended up at 3M, where the concept was refined and the design was licensed to established floppy drive makers Matsushita and Mitsubishi . Other companies involved in the development of SuperDisk include Compaq and OR Technology. Matsushita continued development of
248-603: A version of the SuperDisk with "Secured Encryption Technology", which uses Blowfish with a 64-bit key to encrypt the contents. Under Windows XP 's sfloppy.sys driver , a USB SuperDisk drive will appear as a 3.5″ floppy disk drive, receiving either the drive letter A: (if there is no floppy in the machine) or B: (if there already is one). This enables use by software that expects a floppy drive when 1.44 MB or 720 KB disks are inserted. 120 MB and 240 MB disks are also accessed via A: or B:. Older 800KB and 400KB Macintosh floppies, using GCR , did not work with
279-485: Is also the name of a cross-platform file encryption utility developed in 2002 that implements Blowfish. Blowfish's use of a 64-bit block size (as opposed to e.g. AES's 128-bit block size) makes it vulnerable to birthday attacks , particularly in contexts like HTTPS . In 2016, the SWEET32 attack demonstrated how to leverage birthday attacks to perform plaintext recovery (i.e. decrypting ciphertext) against ciphers with
310-560: Is combined with linear recording density improvements enabling 36-53 sectors per track through partial-response maximum-likelihood and zone bit recording . The true capacity of these "SD120MB" drives is 120.375 MiB aka 126.22 MB ( FAT16B with logical geometry 963/8/32 CHS × 512 bytes). The "SD240MB" drives have a capacity of 229.25 MiB aka 240.39 MB ( FAT16B with logical geometry 262/32/56 CHS × 512 bytes). 1.44 MB HD floppies formatted to 32 MB as "FD32MB" ( FAT16B with logical geometry 1024/2/32 CHS × 512 bytes) in
341-464: Is equal to one gigabyte (1 GB), where 1 GB is one billion bytes. Randomly addressable semiconductor memory doubles in size for each address lane added to an integrated circuit package, which favors counts that are powers of two. The capacity of a disk drive is the product of the sector size, number of sectors per track, number of tracks per side, and the number of disk platters in the drive. Changes in any of these factors would not usually double
SECTION 10
#1732783097912372-484: Is one million bytes of information. This definition has been incorporated into the International System of Quantities . In the computer and information technology fields, other definitions have been used that arose for historical reasons of convenience. A common usage has been to designate one megabyte as 1 048 576 bytes (2 B), a quantity that conveniently expresses the binary architecture of digital computer memory. Standards bodies have deprecated this binary usage of
403-555: Is processed. Because the P-array is 576 bits long, and the key bytes are XORed through all these 576 bits during the initialization, many implementations support key sizes up to 576 bits. The reason for that is a discrepancy between the original Blowfish description, which uses 448-bit keys, and its reference implementation, which uses 576-bit keys. The test vectors for verifying third-party implementations were also produced with 576-bit keys. When asked which Blowfish version
434-400: Is the correct one, Bruce Schneier answered: "The test vectors should be used to determine the one true Blowfish". Another opinion is that the 448 bits limit is present to ensure that every bit of every subkey depends on every bit of the key, as the last four values of the P-array don't affect every bit of the ciphertext. This point should be taken in consideration for implementations with
465-531: Is then encrypted with the algorithm as it stands. The resultant ciphertext replaces P 1 and P 2 . The same ciphertext is then encrypted again with the new subkeys, and the new ciphertext replaces P 3 and P 4 . This continues, replacing the entire P-array and all the S-box entries. In all, the Blowfish encryption algorithm will run 521 times to generate all the subkeys – about 4 KB of data
496-640: Is unpatented, and will remain so in all countries. The algorithm is hereby placed in the public domain , and can be freely used by anyone." Notable features of the design include key-dependent S-boxes and a highly complex key schedule . Blowfish has a 64-bit block size and a variable key length from 32 bits up to 448 bits. It is a 16-round Feistel cipher and uses large key-dependent S-boxes . In structure it resembles CAST-128 , which uses fixed S-boxes. The adjacent diagram shows Blowfish's encryption routine. Each line represents 32 bits. There are five subkey-arrays: one 18-entry P-array (denoted as K in
527-491: The memory media . The SuperDisk's format was designed to supersede the floppy disk with its higher-capacity media that imitated the ubiquitous format with its own 120 MB (and later 240 MB) disk storage while the SuperDisk drive itself was backwards compatible with 1.44 MB and 720 KB floppy formats ( MFM ). Superdisk drives read and write faster to these sorts of disks than conventional 1.44 MB or 720 KB floppy drives. The newer LS-240 drives also have
558-522: The LS-240 show a dummy FAT12 file system (with logical geometries 160/2/9 or 80/2/18) when inserted into a normal floppy drive. SuperDisk drives have been sold in parallel port , USB , ATAPI and SCSI variants. All drives can read and write 1.44 MB and 720 KiB MFM floppies, as used on PCs, Apple Macintoshes (High Density format only, see below), and many workstations . 2.88 MB floppy formats are not supported. Imation also released
589-775: The SI prefix kilo- , it was a convenient term to denote the binary multiple. In 1999, the International Electrotechnical Commission (IEC) published standards for binary prefixes requiring the use of megabyte to denote 1000 bytes, and mebibyte to denote 1024 bytes. By the end of 2009, the IEC Standard had been adopted by the IEEE , EU , ISO and NIST . Nevertheless, the term megabyte continues to be widely used with different meanings. In this convention, one thousand megabytes (1000 MB)
620-469: The ability to read and write regular 1.44 MB floppies at much higher densities in a format called "FD32MB". Described in the help file for the SuperWriter32 application included with the driver package, the increase of capacity for FD32MB is achieved through the use of shingled magnetic recording (SMR) to reduce track pitch to 18.8μm from the standard 187.5μm allowing 777 tracks per side. This
651-457: The ciphertext block, then using the P-entries in reverse order). Blowfish's key schedule starts by initializing the P-array and S-boxes with values derived from the hexadecimal digits of pi , which contain no obvious pattern (see nothing up my sleeve number ). The secret key is then, byte by byte, cycling the key if necessary, XORed with all the P-entries in order. A 64-bit all-zero block
SECTION 20
#1732783097912682-517: The diagram, to avoid confusion with the Plaintext) and four 256-entry S-boxes (S0, S1, S2 and S3). Every round r consists of 4 actions: The F-function splits the 32-bit input into four 8-bit quarters and uses the quarters as input to the S-boxes. The S-boxes accept 8-bit input and produce 32-bit output. The outputs are added modulo 2 and XORed to produce the final 32-bit output (see image in
713-448: The mega- prefix in favor of a new set of binary prefixes , by means of which the quantity 2 B is named mebibyte (symbol MiB). The unit megabyte is commonly used for 1000 (one million) bytes or 1024 bytes. The interpretation of using base 1024 originated as technical jargon for the byte multiples that needed to be expressed by the powers of 2 but lacked a convenient name. As 1024 (2 ) approximates 1000 (10 ), roughly corresponding to
744-580: The pre-processing equivalent of encrypting about 4 kilobytes of text, which is very slow compared to other block ciphers. This prevents its use in certain applications, but is not a problem in others. Blowfish must be initialized with a key. It is good practice to have this key hashed with a hash function before use. In one application Blowfish's slow key changing is actually a benefit: the password -hashing method (crypt $ 2, i.e. bcrypt) used in OpenBSD uses an algorithm derived from Blowfish that makes use of
775-512: The size. Depending on compression methods and file format , a megabyte of data can roughly be: The novel The Picture of Dorian Gray , by Oscar Wilde , hosted on Project Gutenberg as an uncompressed plain text file, is 0.429 MB. Great Expectations is 0.994 MB, and Moby Dick is 1.192 MB. The human genome consists of DNA representing 800 MB of data. The parts that differentiate one person from another can be compressed to 4 MB. Blowfish (cipher) Blowfish has
806-402: The slow key schedule; the idea is that the extra computational effort required gives protection against dictionary attacks . See key stretching . Blowfish has a memory footprint of just over 4 kilobytes of RAM . This constraint is not a problem even for older desktop and laptop computers , though it does prevent use in the smallest embedded systems such as early smartcards . Blowfish
837-444: The standard floppy disk. By 2000, the entire removable magnetic disk category was finally obsoleted by the falling prices of CD-R and CD-RW drives, and later on solid-state ( USB flash drives or USB keydrives). Over the next few years, SuperDisk was quietly discontinued, even in areas where it was popular. Today, disks are very hard to find. The USB models were quite popular for debugging and installing servers that did not have
868-592: The technology and released the LS-240. It has double the capacity of the LS-120 and the added feature of being able to format regular floppy disks to 32 MB capacity . However, this higher density comes at a price – the entire disk must be rewritten any time a change is made, much like early CD-RW media. A SuperDisk drive was used in two Panasonic digital cameras , the PV-SD4090 and PV-SD5000, which allowed them to use both SuperDisk (LS-120) and 3.5″ floppy disks as
899-417: The upper right corner). After the 16th round, undo the last swap, and XOR L with K18 and R with K17 (output whitening). Decryption is exactly the same as encryption, except that P1, P2, ..., P18 are used in the reverse order. This is not so obvious because xor is commutative and associative. A common misconception is to use inverse order of encryption as decryption algorithm (i.e. first XORing P17 and P18 to
930-480: Was more successful in Asia and Australia, where the majority of second-generation SuperDisk LS-240 drives and disks were released. There was one model of LS-240 drive released in North America, by QPS. SuperDisk worldwide ceased manufacturing in 2003. The design of the SuperDisk system came from an early 1990s project at Iomega . It is one of the last examples of floptical technology, where lasers are used to guide
961-475: Was one of the first secure block ciphers not subject to any patents and therefore freely available for anyone to use. This benefit has contributed to its popularity in cryptographic software. bcrypt is a password hashing function which, combined with a variable number of iterations (work "cost"), exploits the expensive key setup phase of Blowfish to increase the workload and duration of hash calculations, further reducing threats from brute force attacks. bcrypt