Pin Me

The Differences between Twofish and Blowfish Encryption in a Nutshell

written by: Mark Muller•edited by: Bill Bunter•updated: 8/8/2011

Here’s all you want to know about Bruce Schneier’s Blowfish encryption as well as all about Twofish, an AES finalist, and successor of Blowfish. Both, Blowfish and Twofish, are absolutely free symmetric encryption algorithm operating a variety of key lengths on block ciphers.

  • slide 1 of 1

    Blowfish is symmetric block cipher encryption algorithm designed by the famous IT security technologist, BT Chief Security Technology Officer, and author Bruce ‘Almighty’ Schneier in 1993. The Blowfish encryption algorithm operates on 64-bit bit blocks of plaintext and supports variable key lengths ranging from 32 up to 448 bits; the default key length is 128 bits.

    The technicalities of the Blowfish algorithm are quite complex and involve Feistel ciphers using large key-dependent S-boxes. As there is no successful cryptanalysis attacks known a Blowfish secured message can only be cracked using brute-force. This, in turn, can be prevented by using 256-bit keys for example.

    Please find in Bright Hub's article Can AES Encryption be Cracked? why attempts of cracking Blowfish used in conjunction with a reasonable lenght key by means of brute force can be ruled out (The underlying maths principles have been translated in easy-to-understand language).

    The benefits of Blowfish include that the algorithm is unpatented and royalty-free, without any licensing requirements. The same is true for Twofish, an AES finalists designed by Schneier et al’s Counterpane Labs, gradually replacing Blowfish encryption. Twofish, first published in 1998, is a symmetric key block cipher algorithm using a block size of 128 bits .

    Twofish uses key lengths of 128 bit, 192 bit or 256-bit. The Twofish algorithm is similar to the Blowfish algorithm and applies 16 rounds of encryption to 64-bit bit blocks plaintext input. More about block ciphers and stream ciphers can be found in Bright Hub’s article Types of Encryption.

    Depending on on the key length as well as whether Twofish is used for hardware based or software based encryption Twofish may outperform AES in terms of speed. Many people believe Rijndael has just become more popular than Twofish because it received more attention since it was chosen for Advanced Encryption Standard (AES) by NIST in 2001.

    If you find this article about Blowfish Encryption interesting you may also be interested in Bright Hub’ article about the widely adopted Advanced Encryption Standard (AES). More information about Blowfish and Twofish, the non-commercial AES alternative, can also be found on Bruce Schneier’s website.


  • Author's own experience