An object of this type encapsulates a keyed instance of the Blowfish
block cipher, ready to encrypt and decrypt. However, if youre
looking for an implementation of Blowfish you most likely want
Crypt::Eksblowfish::Blowfish. This class differs from the standard
Blowfish in that it accepts some keys that Blowfish officially does
Blowfish is a symmetric cipher algorithm designed by Bruce Schneier in
1993. It operates on 64-bit blocks, and takes a variable-length key.
Officially the key can vary from 32 bits (4 octets) to 448 bits (56
octets) in increments of 8 bits (1 octet). In fact the algorithm can
easily operate on a key of any number of octets from 1 (8 bits) to 72
(576 bits). Some implementations dont enforce the official key length
limits, and so for compatibility it is sometimes necessary to handle a
Blowfish key of a prohibited length. That is what this class is for.
The Ukl in the name stands for unrestricted key length.
Using a very short key is generally a bad idea because there arent
very many keys of that length and so its easy for an attacker to try
them all. The official 32-bit minimum for Blowfish was already far
too short for serious security at the time that Blowfish was designed.
(A machine to crack 56-bit DES keys by brute force in a few days each
was publicly built only five years later.) Do not base your security
on the secrecy of a short key.
Using overlong keys has more interesting effects, which depend on internal
features of Blowfish. When the key exceeds 64 octets (512 bits), varying
key bits past that length results in subkeys which have predictable
relationships. There is also some possibility of equivalent keys when
the keys exceed 64 octets and differ only in the first 8 octets (64 bits).
These phenomena have not been extensively studied in the open literature,
so it is difficult to judge the degree of cryptographic weakness that
results from them. It is clear that beyond some length Blowfish keys
do not have as much strength as their length would suggest, and it is
possible that overlong keys have specific weaknesses that render them
weaker than shorter keys. If choosing a key for security, it is advised
to stay within the official length limit of 56 octets.
In summary: using Blowfish keys of officially-unsupported lengths
causes security problems. If you are using Blowfish for security,
and have the choice, use a key of an officially-supported length (and
a standard implementation such as Crypt::Eksblowfish::Blowfish).
Use out-of-range key lengths (and this class) only for compatibility or