Tools

Blowfish Encryption and Decryption Online

64-bit block cipher supporting key lengths from 32 to 448 bits. CBC (recommended) and ECB modes with PKCS7 padding.

Cipher Mode

Key (4-56 bytes)

IV (16 hex chars = 8 bytes)

0 / 16 characters

Input

Output Format

Ciphertext (HEX)

About Blowfish

64-bit block cipher designed by Bruce Schneier (1993)
Key length: 4 to 56 bytes (32 to 448 bits)
CBC mode uses an IV and is more secure than ECB
ECB encrypts each block independently - avoid for large data
PKCS7 padding is applied automatically
For new systems, prefer AES or ChaCha20-Poly1305

Loading Blowfish Cipher...

Encrypt and decrypt data using the Blowfish block cipher in CBC or ECB mode. Supports key lengths from 4 to 56 bytes (32 to 448 bits). Pure browser-based - no data is uploaded.

What is BLOWFISH-CIPHER?

Blowfish is a symmetric block cipher designed by Bruce Schneier and published in 1993. It operates on 64-bit blocks and accepts variable-length keys from 32 to 448 bits. Blowfish uses a 16-round Feistel network with a complex key schedule that initializes 18 P-box subkeys and four 256-entry S-boxes from the key. The key schedule requires 521 encryptions to set up, making Blowfish inherently slow to brute-force with different keys - a feature that makes it attractive for password hashing (as used in bcrypt). Blowfish is used in password managers, SSH implementations, and file encryption tools.

Example

Input:

Mode: CBC
Key (text): MySecretKey
IV (hex): 0000000000000000
Input: Hello World

Output:

Encrypted (Hex): a1b2c3d4... (varies by key)

FAQ

What is the relationship between Blowfish and bcrypt?
bcrypt uses a modified Blowfish key schedule called Eksblowfish. It applies the key schedule many times (controlled by a cost factor), making key derivation intentionally slow and expensive to brute-force. The Blowfish cipher here is the standard block cipher, not bcrypt. Do not use the raw Blowfish cipher to hash passwords - use bcrypt, Argon2id, or scrypt instead.
Why is Blowfish limited to 64-bit blocks?
Blowfish was designed in 1993 when 64-bit blocks were standard. The 64-bit block size makes it vulnerable to the SWEET32 birthday attack after approximately 32 GB of data encrypted with the same key in CBC mode. For this reason, Bruce Schneier recommends using Twofish (his 128-bit block successor to Blowfish) for new applications.
What key lengths are supported?
Blowfish accepts keys from 32 to 448 bits (4 to 56 bytes). The tool accepts keys as UTF-8 text (any printable characters) or as hexadecimal. Common choices are 128-bit (16 bytes / 32 hex chars) or 256-bit (32 bytes / 64 hex chars) keys.
What is the difference between CBC and ECB mode for Blowfish?
ECB (Electronic Codebook) encrypts each 8-byte block independently. Identical plaintext blocks produce identical ciphertext blocks, making patterns visible. ECB is insecure for most data. CBC (Cipher Block Chaining) XORs each plaintext block with the previous ciphertext block before encryption, hiding patterns. CBC requires an IV (initialization vector) for the first block and is the recommended mode.
Is Blowfish still used in modern software?
Blowfish is still found in older OpenSSH ciphersuites, legacy password managers, some VPN software, and older file encryption tools. bcrypt (which uses Blowfish's key schedule) remains the standard for password hashing in many systems. For new symmetric encryption, AES-GCM or ChaCha20-Poly1305 are recommended over Blowfish.