Use AES. This module is provided only for legacy purposes.
Blowfish is a symmetric block cipher designed by Bruce Schneier.
It has a fixed data block size of 8 bytes and its keys can vary in length from 32 to 448 bits (4 to 56 bytes).
Blowfish is deemed secure and it is fast. However, its keys should be chosen to be big enough to withstand a brute force attack (e.g. at least 16 bytes).
As an example, encryption can be done as follows:
>>> from Crypto.Cipher import Blowfish >>> from struct import pack >>> >>> bs = Blowfish.block_size >>> key = b'An arbitrarily long key' >>> cipher = Blowfish.new(key, Blowfish.MODE_CBC) >>> plaintext = b'docendo discimus ' >>> plen = bs - len(plaintext) % bs >>> padding = [plen]*plen >>> padding = pack('b'*plen, *padding) >>> msg = cipher.iv + cipher.encrypt(plaintext + padding)
Module’s constants for the modes of operation supported with Blowfish:
|var MODE_ECB:||Electronic Code Book (ECB)|
|var MODE_CBC:||Cipher-Block Chaining (CBC)|
|var MODE_CFB:||Cipher FeedBack (CFB)|
|var MODE_OFB:||Output FeedBack (OFB)|
|var MODE_CTR:||CounTer Mode (CTR)|
|var MODE_EAX:||EAX Mode|
new(key, mode, *args, **kwargs)¶
Create a new Blowfish cipher
- key (bytes, bytearray, memoryview) – The secret key to use in the symmetric cipher. Its length can vary from 5 to 56 bytes.
- mode (One of the supported
MODE_*constants) – The chaining mode to use for encryption or decryption.
iv (bytes, bytearray, memoryview) – (Only applicable for
The initialization vector to use for encryption or decryption.
MODE_OFBit must be 8 bytes long.
MODE_OPENPGPmode only, it must be 8 bytes long for encryption and 10 bytes for decryption (in the latter case, it is actually the encrypted IV which was prefixed to the ciphertext).
If not provided, a random byte string is generated (you must then read its value with the
nonce (bytes, bytearray, memoryview) – (Only applicable for
A value that must never be reused for any other encryption done with this key.
MODE_EAXthere are no restrictions on its length (recommended: 16 bytes).
MODE_CTR, its length must be in the range [0..7].
If not provided for
MODE_EAX, a random byte string is generated (you can read it back via the
segment_size (integer) – (Only
MODE_CFB).The number of bits the plaintext and ciphertext are segmented in. It must be a multiple of 8. If not specified, it will be assumed to be 8.
mac_len : (integer) – (Only
MODE_EAX) Length of the authentication tag, in bytes. It must be no longer than 8 (default).
initial_value : (integer) – (Only
MODE_CTR). The initial value for the counter within the counter block. By default it is 0.
a Blowfish object, of the applicable mode.