0
I am looking at encrypting documents, media, etc with BlowFish 448 and some of the files exceed in 20GB in size. Is there a risk of using BlowFish over AES 256? If so what are they?
PeanutsMonkey
Posted 2012-05-02T09:39:05.570
Reputation: 7 780
Limitations of BlowFish 448 with large files
Answers
0
There is no limit to the size of files a cryptographic algorithm can actually handle - however, depending on the use case there is a theoretical risk inherent with larger data sizes.
Firstly, Blowfish is not known to be broken at the current time of writing.
Secondly, it is a block cipher and as such is just a primitive. All block ciphers are used in conjunction with a mode of operation such as CBC. Due to the birthday paradox, after 2^32 blocks (for 64-bit block size ciphers) collisions become likely. That basically means that after (64*2^32)/((1024)^3) gigabytes, you have a problem. Luckily for you, that works out at about a 256 gigabytes, so at the moment this is just a theoretical issue.
Clearly, if we were using 128-bit blocks, we'd use the formula (128*2^64)/((1024)^3), which gives us an insane (something like 4 trillion) gigabytes to work with.
Bottom line: this should be more than fine for a 20GB file.
64-bit is 8 bytes, so the right formula is (8*2^32)/((1024)^3) gigabytes, which is 32 gigabytes. – Yuhong Bao – 2014-12-25T09:17:32.150
Are there ciphers that are larger than 128bit? – PeanutsMonkey – 2012-05-02T10:18:58.780
@PeanutsMonkey for the input block size or the key? AES256, for example, uses a 128-bit input block, but a 256-bit key (which it actually expands internally in the key schedule). I don't know of any 256-input block keys. 128-bit spaces are generally considered impractical to search as is - although this is a discussion of key spaces it applies equally to the chance of collisions, which only assist cryptanalysis (unlike actually finding a key).
– None – 2012-05-02T10:25:20.723
I don't see how file size is relevant to risk - it's time you're probably more worried about on 20Gb files. – Cylindric – 2012-05-02T09:41:21.137
Based on the answer
Blowfish (and most other block ciphers of the same era, like 3DES and IDEA) have a 64 bit block size, which is considered insufficient for the large file sizes which are common these days (the larger the file, and the smaller the block size, the higher the probability of a repeated block in the ciphertext - and such repeated blocks are extremely useful in cryptanalysis)size appears to be an issue but am unsure whether the same applies with BlowFish 448. – PeanutsMonkey – 2012-05-02T09:59:13.253