Breaking 224-bit Blowfish encryption

Question

I have a bunch of encrypted files that I want to decrypt (duh). I found out they are encrypted with Blowfish using a 224-bit key after some research. I know what the first f

Answer 1

There is no chance of you brute-forcing the key*. Assuming there is a meet-in-the-middle attack for Blowfish that reduces it to testing 2^112 keys, there isn't enough computing power on the planet to have a decent chance of brute-forcing the key before the Sun goes cold. The NSA couldn't do it either, if that's any consolation, although it's conceivable they can solve Blowfish rather than guess keys.

Unless you can find the keys, you aren't going to read the files.

*Technically, you do have a chance. However, it's far more likely that you'll win a national lottery twice (assuming you buy a ticket for two drawings).

Answer 2

2^(n/2) means in this case 2^223 rather than 224, possibly? if so, I can't see it helps you very much. I think you need to get down to something like 2^64 or so to brute force it on a home PC in a reasonable time.

Answer 3

Do you happen to know how the key was chosen? If it's say, generated from a password and no proper password derivation function is used this may be your best angle of attack. Also depending on the chaining mode used there could be other venue of attack, we need to know more.

Answer 4

No, you can't recover the plain text unless the encryption was done incorrectly.

There is a published "known plain text" attack, but it requires billions of known plain texts to work.

---

Update regarding "Edit": Again, if the encryption was done correctly, examining the known keys won't help, because a cryptographic number generator used to generate good keys is going to have similar complexity as the cipher. However, using a bad generator (or password-based encryption with weak passwords) is a common implementation flaw. Good luck!