DES is the workhorse of cryptography algorithms, and it’s long past time to replace the 19-year-old standard. The recent design of a $1M machine that could recover a DES key in 3.5 hours only confirmed what everybody knew: DES’s key size is far too small for today.
The world only partly trusted DES because it survived the scrutiny of the NSA. Experts trusted DES because it was a published standard, and because it survived 20 years of intensive cryptanalysis by cryptographers around the world. Cryptography is like that: confidence in an algorithm grows as group after group tries to break it and fails.
Candidates for a replacement are emerging, but none has taken widespread hold. Triple-DES is the conservative approach; IDEA (used in PGP) is the most promising new algorithm. And there is a bevy of unpatented also-rans: RC4 (once a trade secret of RSA Data Security, Inc. but now publicly available on the Internet), SAFER, and my own Blowfish.
I first presented Blowfish at the Cambridge Algorithms Workshop (“Description of a New Variable-Length Key, 64-bit Block Cipher (Blowfish),” Fast Software Encryption, R. Anderson, ed., Lecture Notes in Computer Science #809, Springer-Verlag, 1994) and in Dr. Dobb’s Journal (April 1994). From the start Blowfish was intended to be a completely free (unpatented, unlicensed, and uncopyrighted) alternative to DES. Since then it has been analyzed by some people and has started to see use in some systems, both public and private. This article presents new Blowfish code, as well as updates on the algorithm’s security.