Editing Blowfish (cipher) (section)

== Blowfish in practice ==
Blowfish is a fast [[block cipher]], except when changing keys. Each new [[key (cryptography)|key]] requires the pre-processing equivalent of encrypting about 4 kilobytes of text, which is very slow compared to other block ciphers. This prevents its use in certain applications, but is not a problem in others.

Blowfish must be initialized with a key. It is good practice to have this key hashed with a [[hash function]] before use.

In one application Blowfish's slow key changing is actually a benefit: the [[password]]-hashing method (crypt $2, i.e. bcrypt) used in [[OpenBSD]] uses an algorithm derived from Blowfish that makes use of the slow key schedule; the idea is that the extra computational effort required gives protection against [[dictionary attack]]s. ''See'' [[key stretching]].

Blowfish has a [[memory footprint]] of just over 4 kilobytes of [[Random Access Memory|RAM]]. This constraint is not a problem even for older desktop and [[laptop computers]], though it does prevent use in the smallest [[embedded systems]] such as early [[smartcard]]s.

Blowfish was one of the first secure block ciphers not subject to any patents and therefore freely available for anyone to use. This benefit has contributed to its popularity in cryptographic software.

[[bcrypt]] is a [[Cryptographic hash function#Password verification|password hashing function]] which, combined with a variable number of iterations (work "cost"), exploits the expensive key setup phase of Blowfish to increase the workload and duration of hash calculations, further reducing threats from brute force attacks.

bcrypt is also the name of a cross-platform file encryption utility developed in 2002 that implements Blowfish.<ref>[http://bcrypt.sourceforge.net "Bcrypt - Blowfish File Encryption"] {{webarchive |url=https://web.archive.org/web/20150829060804/http://bcrypt.sourceforge.net/ |date=2015-08-29}} bcrypt file encryption program homepage (bcrypt.sourceforge.net)</ref><ref>{{cite web|url=http://bcrypt463065.android.informer.com/|title=bcrypt Free Download - whodunnit.tools.bcrypt|website=bcrypt463065.android.informer.com|access-date=7 May 2018|url-status=live|archive-url=https://web.archive.org/web/20160304075720/http://bcrypt463065.android.informer.com/ |archive-date=4 March 2016}}</ref><ref>{{cite web|url=http://www.t2-project.org/packages/bcrypt.html|title=T2 package - trunk - bcrypt - A utility to encrypt files.|website=www.t2-project.org|access-date=7 May 2018|url-status=live|archive-url=https://web.archive.org/web/20170421043425/http://t2-project.org/packages/bcrypt.html|archive-date=21 April 2017}}</ref><ref>{{cite web|url=https://docs.oracle.com/cd/E51849_01/gg-winux/OGGLC/ogglc_licenses.htm|title=Oracle GoldenGateのライセンス|website=docs.oracle.com|access-date=7 May 2018|url-status=live|archive-url=https://web.archive.org/web/20171027233204/https://docs.oracle.com/cd/E51849_01/gg-winux/OGGLC/ogglc_licenses.htm|archive-date=27 October 2017}}</ref>