2

I have set up a test app with Blowfish encryption taken from someone else's library. I have been astonished to find that password "Test" gives the same encrypted text as password "TestTestTestTest". Is this normal behavior of the algorithm or is it a bug?

Maarten Bodewes
Mariusz

1 Answer

3

It looks like the library is treating the string as the key to Blowfish, which has a variable key size; the way the key setup is done (with a cyclical use of the key bytes, see more details on the Wikipedia page) implies that key $k$ of length $n$ and key $k||k$ of length $2n$ have the same expanded key and thus an equivalent encryption/decryption function. Your "Test" example also illustrates this.

Usually from a string a key is "derived" using a KDF, which is then input to an algorithm that accepts keys of some fixed sizes like 128 bits etc. But Blowfish can accept 1 byte keys, and 300 byte keys too, so libraries often don't do this and accept the key input 'as is', without a KDF being compulsory. Or they "pad" a string like 'Test' to 16 bytes with 0-bytes etc. Be sure you know what a library does before using it. Keys should be random and unpredictable, not dictionary words.

Henno Brandsma
  • So one of the ways is changing the blowfish algorithm to another one? Since the strength of encryption depends on the length of the password, apparently it does not apply to blowfish. For example, the password "TestTestTestA" would have the strength more or less the same as the password TestA? – Mariusz May 28 '19 at 10:42
  • @Mariusz TestTestTestA is not equivalent to TestA, as it's not a repeat, TestATestATestA would be. The true solution is to use a KDF. – Henno Brandsma May 28 '19 at 10:47
  • I have little knowledge on ciphers. So more or less, regarding the password length, "TestTestTest" has the strength 4 whereas TestTestTestA has the strength 13? – Mariusz May 28 '19 at 11:00
  • @Mariusz for this implementation of the cipher, yes. And length is not the only factor of course. – Henno Brandsma May 28 '19 at 11:28
  • A password is not a key. Although Blowfish accepts different key sizes doesn't mean that you should use passwords as key. I agree with Henno here: use a Password Based Key Derivation Function or PBKDF. If you want you could use bcrypt as PBKDF, which uses Blowfish underneath (just an implementation detail). – Maarten Bodewes May 28 '19 at 12:50
  • That is quite funny. I have made a different setting to the library, namely: CipherMode := CBC instead of ECB and this required to add something called LoadIVString(password) and now the encoded text is different for keys "Test" and "TestTest" – Mariusz May 28 '19 at 20:42
  • @Mariusz yes, different IVs will do that. – Henno Brandsma May 28 '19 at 21:04
  • There is one more thing that is amusing. When I change setting PaddingMode from pmZeroPadding to pmPKCS5or7RandomPadding I get different encrypted text with the same encryption key each time I run the procedure. But all the different encrypted texts can be decrypted with the same key that was used to encrypt. I wonder if this feature of generating differently encoded text from the same original text has any practical application? – Mariusz May 29 '19 at 12:12
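The cyclic key use the answer refers to can be checked directly on the first stage of Blowfish's key schedule. The following is an added example, not code from the question's library or the answer: it XORs the key bytes (taken cyclically) into the standard initial P-array and compares the result for the keys discussed above and in the comments. Only this stage sees the raw key; the rest of the schedule depends solely on the XORed P-array and the fixed S-boxes, so keys with the same XORed P-array are interchangeable.

```python
# Added example: stage one of the Blowfish key schedule, P[i] ^= key word i,
# with key bytes reused cyclically until all 18 words have been XORed.
# Everything after this stage depends only on the XORed P-array and the
# fixed S-boxes, so equal XORed P-arrays mean equivalent cipher instances.

# Initial P-array from the Blowfish specification: the first 18 32-bit words
# of the hexadecimal fractional expansion of pi.
P_INIT = [
    0x243F6A88, 0x85A308D3, 0x13198A2E, 0x03707344, 0xA4093822, 0x299F31D0,
    0x082EFA98, 0xEC4E6C89, 0x452821E6, 0x38D01377, 0xBE5466CF, 0x34E90C6C,
    0xC0AC29B7, 0xC97C50DD, 0x3F84D5B5, 0xB5470917, 0x9216D5D9, 0x8979FB1B,
]


def key_material(key: bytes) -> bytes:
    """The 72 key bytes the schedule consumes: the key repeated cyclically
    until 18 words * 4 bytes have been produced.  The specification caps keys
    at 448 bits (56 bytes); libraries that accept longer keys simply never
    touch any byte beyond the 72nd."""
    if not 1 <= len(key) <= 56:
        raise ValueError("Blowfish keys are 1 to 56 bytes long")
    return bytes(key[i % len(key)] for i in range(18 * 4))


def xored_p_array(key: bytes) -> list:
    """P[i] ^= i-th big-endian 32-bit word of the cyclic key material."""
    material = key_material(key)
    return [
        P_INIT[i] ^ int.from_bytes(material[4 * i:4 * i + 4], "big")
        for i in range(18)
    ]


def keys_equivalent(a: bytes, b: bytes) -> bool:
    """True when both keys yield the same XORed P-array, hence the same cipher."""
    return xored_p_array(a) == xored_p_array(b)


if __name__ == "__main__":
    # Constructed sample keys mirroring the question and the comment thread.
    print(keys_equivalent(b"Test", b"TestTestTestTest"))  # True: k vs k||k||k||k
    print(keys_equivalent(b"TestA", b"TestATestATestA"))  # True: k vs k||k||k
    print(keys_equivalent(b"TestA", b"TestTestTestA"))    # False: not a repeat
```

The same check shows why a KDF is the fix: feeding the password through a PBKDF before key setup yields key material whose repetition structure no longer mirrors the password's.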