Cracking the code – AES 256-bit or 448-bit Blowfish?

30 Dec

AES 256-bit v. 448-bit Blowfish encryption

What makes an encryption solution safer? Is it a bigger number, or is there more to it? And which solution should you use?

The math behind AES 256-bit encryption states that the key is one string of characters out of 2^256 key possibilities, with a key length of either 128, 192, or 256 bits. Further, this math dictates that even if every supercomputer in the world were tasked with spending every second of every day trying to decipher your key, it would take an amount of time longer than our universe has even existed. For the non-mathematicians in the room, that means without a completely inexplicable stroke of luck, data protected by AES 256-bit encryption is untouchable from a brute force attack.

448-bit Blowfish encryption gets its name from its algorithm, which utilizes variable key lengths from 32 bits up to 448 bits. 448-bit Blowfish encryption utilizes 64-bit block sizes, while AES 256-bit encryption makes use of 128-bit block sizes, which is recommended when encrypting files larger than 32 gigabytes up to 256 Exabytes. With the introduction of AES-NI in 2010, AES 256-bit encryption was made faster than before. When 448-bit Blowfish was invented in 1993, its 32 GB threshold was optimal because file sizes were generally smaller then. A successful brute force attack has never been made on either AES or Blowfish, however, so let’s talk about the more practical reasons for choosing one over the other.
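The 32 GB and 256 exabyte figures above match the birthday bound for each block size: 2^(n/2) blocks of n bits encrypted under one key. The sketch below is an added example, not code from the original article or from Anchor; it uses the standard birthday approximation and assumes a single key and an ideal block cipher, and its function names are illustrative.

```python
import math


def birthday_bound_bytes(block_bits: int) -> int:
    """Bytes encrypted under one key when 2^(n/2) blocks have been produced."""
    return 2 ** (block_bits // 2) * (block_bits // 8)


def collision_probability(data_bytes: int, block_bits: int) -> float:
    """Approximate chance that two ciphertext blocks repeat under one key.

    Birthday approximation: p = 1 - exp(-k(k-1) / 2^(n+1)) for k blocks.
    expm1 keeps precision when p is tiny (the 128-bit case).
    """
    blocks = data_bytes // (block_bits // 8)
    return -math.expm1(-blocks * (blocks - 1) / 2 ** (block_bits + 1))


def max_bytes_for_risk(block_bits: int, max_probability: float) -> int:
    """Largest volume per key that keeps the collision chance under the bound."""
    # Invert the approximation: k = sqrt(-2^(n+1) * ln(1 - p)), rounded down.
    k_squared = int(-(2 ** (block_bits + 1)) * math.log1p(-max_probability))
    return math.isqrt(k_squared) * (block_bits // 8)


if __name__ == "__main__":
    GIB = 2 ** 30
    for name, bits in (("Blowfish (64-bit block)", 64), ("AES (128-bit block)", 128)):
        bound = birthday_bound_bytes(bits)
        print(f"{name}: birthday bound = {bound / GIB:,.0f} GiB")
        # Constructed sample volumes, chosen only to illustrate the curve.
        for volume in (1 * GIB, 32 * GIB, 1024 * GIB):
            p = collision_probability(volume, bits)
            print(f"  {volume // GIB:>5} GiB under one key -> p(collision) ~ {p:.3e}")
        safe = max_bytes_for_risk(bits, 1e-6)
        print(f"  rekey before {safe:,} bytes to stay under 1e-6")
```

At the 32 GiB mark a 64-bit block cipher already has roughly a 39% chance of a repeated ciphertext block, which is why a per-key data limit set well below that bound matters more for Blowfish than its key length does.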

Breaking the unbreakable

AES 256-bit encryption was approved as the US federal government standard in 2001 and was also approved by the NSA. It has undergone rigorous testing from both benevolent and malevolent attackers and has yet to be broken, which is part of the reason it’s become the industry standard for data security.

448-bit Blowfish encryption is slightly less popular than AES 256-bit, so it hasn’t been the target of as many attacks.

Think back to when a major Apple computer selling point was “no viruses!” At the time, nobody was focused on distributing a virus on MacOS because the user base was so small that an attack on Windows would net the hacker more bang for their buck. The same goes here: if a hacker were able to crack AES 256-bit encryption today, the wealth of information they could access, or the size of a website/web app they could take down, would be far greater than cracking 448-bit Blowfish.

Room for variation

Since AES 256-bit encryption allows for key sizes of 128, 192, and 256 bits with a block size of 128 bits, the time it takes to encrypt data varies. In addition to the key sizes, there are different cycles of repetition involved with the encryption algorithm – the process of converting the input data (plaintext) into the encrypted output (ciphertext): 128-bit keys are cycled 10 times, 192-bit keys 12 times, and 256-bit keys 14 times. Each cycle can vary in complexity depending on the algorithm, affecting the overall security. However, the repetition cycles are hardly the defining factor in determining the total security of an encryption.

With 448-bit Blowfish encryption, key sizes range from 32 to 448 bits, with 16 cycles of repetition performed – regardless of your key size – during encryption. Blowfish standardizes on 64-bit block sizes, so higher key sizes are recommended for the encryption to achieve sufficient security.

Legacy and Future

AES was first published in 1998, and no successful cryptanalysis attacks have been made since its inception. In 2012, AES-NI (Advanced Encryption Standard New Instructions) was introduced. It’s a hardware update that can be used to “accelerate the performance of an implementation of AES by 3 to 10x” by improving the way your Intel or AMD chip processes the encryption method.

Blowfish was designed by Bruce Schneier, a man commonly known as the father of encryption. While two modern successors, Twofish and Threefish, are available, the fact that Blowfish is still widely used and has yet to be broken is a testament to its resiliency.

Real World Uses

eFolder Anchor recently introduced and standardized on (in v2.2) AES 256-bit encryption, replacing 448-bit Blowfish as its encryption method. AES 256-bit encryption allows for a quicker synchronization of files to the cloud and comes with the distinction of being the industry standard. On the other hand, Blowfish offers a vastly larger number of key possibilities, but isn’t as critically acclaimed and battle-tested as AES is.

There’s no “one size fits all” solution for file encryption, so MSPs need to carefully determine which solution is best for them and their clients before moving forward with an encryption standard for their cloud sync solution. The Anchor solution offers best-in-class military-grade security, a robust set of features and admin controls, and end-user ease-of-use that businesses operating in the cloud need.

To offer Anchor to your clients, request a demo today.