Live Journal about blowfish

Do You Need a Blowfish?

Some of us grew up in small towns with relatively few people around and didn’t feel the need to lock our doors. As populations grew and we moved to bigger cities, the need to keep doors locked increased.

In the days of old, some 20 years ago, when PCs were first emerging and few people understood the ‘rocket science’ of an OS command prompt, there was little need in business for digital security and data encryption, because only a trusted few knew how to access the stored data and programs within. Fast forward to today, where an Internet connection and a networked PC on every desk is the de facto standard of doing business, and the need for greater levels of digital security becomes just as de facto.

And while you might hire one of the neighbors’ kids to mow the lawn around your house in the big city, you would still hire a qualified security company to protect your home and detect intruders. Likewise, your junior programmers are probably ill-equipped to develop all the cryptography modules for your company or clients.

So what’s a Blowfish and why is it relevant here? Blowfish is the name of a publicly available block data encryption algorithm developed by Bruce Schneier. It is a small and fast symmetric encryption scheme that uses a variable-length key of up to 448 bits. It is considered safe and there are no known successful attacks against it.

That’s great, but should you use it? What about the key size? Don’t you need 1024-bit keys to be really secure these days? Not necessarily, because there is a tradeoff with larger keys. Also, your application may not require that degree of security (in this case defined as the length of time your secret data needs to remain secret) and would be adversely affected by the use of a larger key. For the vast majority of applications (including HIPAA compliance) the 448-bit maximum Blowfish key is already significant overkill.

A concern much greater than key size is key security. By far the greatest risks to any data encryption scheme are the human factors. For any symmetric key size that exceeds 56 bits, it is far easier to simply steal the keys, or buy them from one of your trusted employees, than to spend the time and money to develop and run the system necessary to break your encryption without the keys.

Blowfish is best suited for applications where keys remain relatively constant, such as communications links and embedded file encryption. Also, since it is a symmetric algorithm, it suffers from the same key exchange problems as all the other symmetric algorithms. Public key algorithms such as Diffie-Hellman are available that work better in those applications (and as a side note, it’s the public key algorithms that commonly need the much larger key sizes).

So is Blowfish right for you? Perhaps, but without first investigating your precise needs, i.e. what kind of data needs protection, who needs to access the data, where it will be stored, etc., it is impossible to know just what is right. Gather your thoughts about your needs and then contact a professional to develop a secure and workable solution.


What is a Brute Force Attack?

Encryption

To understand what a brute force attack is, we must first understand the technology that it is designed to attack. This technology that I speak of is data encryption. Data encryption is used to protect code and other information from prying eyes by transforming the data based upon keys, which are essentially complicated, lengthy passwords. To obtain access to the data it is necessary to have the key; otherwise the information is rendered useless.

Motive

It is in the interest of some parties, such as hackers, law enforcement, intelligence agencies, etc., to break this encryption and gain access to the data contained within. Brute force attacks are one method used to discover the key needed to unlock the data. It is by far the most rudimentary cracking process, involving trying every possible combination. Imagine forgetting a friend’s phone number and starting at 100 – 0000. Since guessing the right number gets exponentially harder every time a digit is added, it could take years even for the fastest dialer. In the same way, computer systems, hardware or software, attempting to crack a key are limited by power, heat and other variables, as described in the laws of thermodynamics, making extremely long keys impractical to crack.

Entropy

However, a lot of attacks are inherently easier, as some may have already noticed from the example above. If you really were to forget a phone number, you would know, based upon certain outside variables such as country, state, county, city, etc., that many choices can be eliminated. Many numbers can be considered either completely impossible or, at the very least, very improbable. The more exactly you can pin down your friend’s lost number, the fewer random choices you need to make to guess it correctly. This once daunting number starts to seem a little tamer. Certain outside factors such as pressure and temperature can affect a computer system’s ability to choose numbers in a random way. This slight leveling of Einstein’s playing field, made possible by the study of entropy, enables brute force attacks to crack keys that seem to be statistically impossible.
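As an added illustration of the two points above (trying every key in turn, and how prior knowledge of the key narrows the search, like knowing the area code of the lost phone number), here is a small Python model that is not from the original post. The hash-based toy cipher, the 0xBEEF sample key and the 10^9 guesses-per-second rate are constructed assumptions; the toy cipher is a stand-in, not Blowfish.

```python
import hashlib
from typing import Iterable, Optional, Tuple

SECONDS_PER_YEAR = 365.25 * 24 * 3600


def keystream(key: int, key_bits: int, length: int) -> bytes:
    """Expand an integer key into a keystream by hashing it with a counter.
    Toy stand-in for a real cipher such as Blowfish (constructed for this example)."""
    key_bytes = key.to_bytes((key_bits + 7) // 8, "big")
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key_bytes + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:length])


def toy_encrypt(key: int, key_bits: int, data: bytes) -> bytes:
    """XOR the data with the keystream; the same call decrypts."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, key_bits, len(data))))


def brute_force(ciphertext: bytes, known_plaintext: bytes, key_bits: int,
                candidates: Optional[Iterable[int]] = None) -> Tuple[Optional[int], int]:
    """Try every key in the space (or only the supplied candidates) until the
    known plaintext reappears. Returns (key, attempts); key is None on failure."""
    if candidates is None:
        candidates = range(1 << key_bits)          # the full 2**key_bits space
    attempts = 0
    for k in candidates:
        attempts += 1
        if toy_encrypt(k, key_bits, ciphertext) == known_plaintext:
            return k, attempts
    return None, attempts


def years_to_exhaust(key_bits: int, guesses_per_second: float) -> float:
    """Worst-case time to try every key of the given length at a fixed guess rate."""
    return (1 << key_bits) / guesses_per_second / SECONDS_PER_YEAR


if __name__ == "__main__":
    secret_key, bits = 0xBEEF, 16                   # constructed sample key
    ct = toy_encrypt(secret_key, bits, b"hello blowfish")
    print("full search:", brute_force(ct, b"hello blowfish", bits))
    # "Entropy" case: the attacker already knows the top byte (like knowing the area code)
    print("narrowed search:", brute_force(ct, b"hello blowfish", bits, range(0xBE00, 0xBF00)))
    for n in (56, 128, 448):
        print(f"{n}-bit key at 1e9 guesses/s: {years_to_exhaust(n, 1e9):.3g} years")
```

Each extra key bit doubles the worst-case search, which is why the 56-bit case finishes in a few years at a billion guesses per second while 128 and 448 bits do not finish in any meaningful time; fixing the top byte in the 16-bit toy cuts the search from 48,880 attempts to 240.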

Breakdown

Ultimately, using the right encryption combined with the technology available today, brute force attacks are on the losing team. They are simply unable to tackle the insurmountable mountain of number combinations made available by modern encryption technology. Even advanced hardware designed specifically for the task will ultimately fail when matched against current encryption methods. So, don’t forget your key inside one of these monsters; the locksmith won’t be much help.