Software Design & Engineering
Internet business development
mobile applications
Alan Partis
320 Ridgecreek Drive
Lexington, SC    29072
(803) 692-1101
alpartis@thundernet.com

 

Do You Need a Blowfish?

July, 2002

Some of us grew up in small towns with relatively few people around and didn't feel the need to lock our doors. As populations grew and we moved to bigger cities, the need to keep doors locked increased.

In the days of old, some 20 years ago, when PCs were first emerging and few people understood the 'rocket science' of an OS command prompt, there was little need in business for digital security and data encryption because only a trusted few knew how to access the stored data and programs within. Fast forward to today, where an Internet connection and a networked PC on every desk are the de facto standard of doing business, and the need for greater levels of digital security becomes just as de facto.

And while you might hire one of the neighbors' kids to mow the lawn around your house in the big city, you would still hire a qualified security company to protect your home and detect intruders. Likewise, your junior programmers are probably ill-equipped to develop all the cryptography modules for your company or clients.

So what's a Blowfish and why is it relevant here? Blowfish is the name of a publicly available block encryption algorithm developed by Bruce Schneier. It is a small and fast symmetric encryption scheme that uses a variable-length key that can be up to 448 bits long. It is considered safe and there are no known successful attacks against it.

That's great, but should you use it? What about the key size? Don't you need 1024-bit keys to be really secure these days? Not necessarily, because there is a tradeoff with larger keys. Also, your application may not require that degree of security (in this case defined as the length of time your secret data needs to remain that way) and would be adversely affected by the use of a larger key. For a vast majority of applications (including HIPAA compliance), the 448-bit maximum Blowfish key is already significant overkill.

A concern much greater than that of key size is key security. By far, the greatest risks to any data encryption scheme are the human factors. For any key size that exceeds 56 bits in a symmetric algorithm, it is far easier to simply steal the keys or buy them from one of your trusted employees than to take the time and money to develop and run the system necessary to break your encryption without the keys.

Blowfish is best suited for applications where keys remain relatively constant, such as communications links and embedded file encryption. Also, since it is a symmetric algorithm, it suffers from the same key exchange problems as all the other symmetric algorithms. Public key algorithms such as Diffie-Hellman are available that work better in those applications (and as a side note, it's the public key algorithms that commonly need the much larger key sizes).

So is Blowfish right for you? Perhaps, but without first investigating your precise needs (i.e., what kind of data needs protection, who needs to access the data, where it will be stored, etc.), it is impossible to know just what is right. Gather your thoughts about your needs and then contact a professional to develop a secure and workable solution.


"Thundernet" is a trademark of Thundernet Development Group, Inc.
a Florida corporation.
Copyright © Thundernet Development Group, Inc.
All rights reserved.