I understand that Blowfish is getting old, but is still a secure algorithm, and that AES is very popular, and is recommended by most people. My question is, how do the two compare when a 256-bit key is used for AES, and a 448-bit key (the maximum according to the standard) is used for Blowfish? Would Blowfish with a 448-bit key be more resistant to brute-force attacks? Are there any other considerations? (Let's assume that we already agree that 256-bit keys are sufficiently resistant to brute-forcing.)
1 Answer
Blowfish has a 64-bit block size whereas AES has a 128-bit block size, so you are sort of comparing apples and oranges (there are some things you can do in AES which would be unwise in Blowfish, in particular Blowfish in CTR mode can be distinguished from a random stream after only a few dozen gigabytes of output - see fgrieu's answer here, replacing 128 by 64 in the calculations).
As for strict brute force complexity, I think you've pretty much answered your own question: if we assume that 256-bit keys are sufficiently resistant to brute-forcing, then using a longer key makes no sense. It's like trying to decide what's best between "infeasible" and "infeasible". But theoretically speaking, Blowfish uses all 448 bits of the key, so a brute-force attack would take on average $2^{447}$ guesses at the key, whereas AES would take $2^{255}$ guesses on average (AES-256, that is).
Now if you want to take cryptanalytic advances into account, AES-256 has a much lower margin of security (break complexity / brute-force complexity) than Blowfish, though both remain secure today. That said, it should be kept in mind that since AES is the Advanced Encryption Standard, it has received considerably more attention from cryptographers than Blowfish!
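
The CTR-mode remark in the answer above can be checked numerically. The following is an added example, not part of the original answer: it evaluates the birthday-bound "no repeated block" test for 64-bit and 128-bit blocks and confirms the formula by simulation on a toy 16-bit block. The function names are hypothetical, and the cipher is assumed to behave as an ideal permutation.

```python
import math
import random


def no_repeat_advantage(block_bits: int, n_blocks: int) -> float:
    """Advantage of the 'are all blocks distinct?' test on n_blocks of output.

    CTR keystream blocks under one key never repeat (the cipher is a
    permutation of distinct counters); truly random blocks repeat with
    probability ~ 1 - exp(-q(q-1) / 2^(n+1)), the birthday bound.
    """
    exponent = n_blocks * (n_blocks - 1) / 2 ** (block_bits + 1)
    return -math.expm1(-exponent)


def bytes_for_advantage(block_bits: int, advantage: float) -> float:
    """Keystream bytes after which the test reaches the given advantage."""
    q = math.sqrt(-math.log1p(-advantage) * 2 ** (block_bits + 1))
    return q * block_bits / 8


def simulate(block_bits: int, n_blocks: int, trials: int, seed: int = 1) -> float:
    """Measured advantage on a toy block size (ideal-permutation model)."""
    rng = random.Random(seed)
    space = 2 ** block_bits
    random_hits = ctr_hits = 0
    for _ in range(trials):
        stream = [rng.randrange(space) for _ in range(n_blocks)]
        random_hits += len(set(stream)) < n_blocks
        # Constructed stand-in for CTR: distinct outputs of a random permutation.
        ctr = rng.sample(range(space), n_blocks)
        ctr_hits += len(set(ctr)) < n_blocks
    return (random_hits - ctr_hits) / trials


if __name__ == "__main__":
    for bits in (64, 128):
        gib = bytes_for_advantage(bits, 0.5) / 2 ** 30
        print(f"{bits}-bit block: advantage 0.5 after about {gib:.3g} GiB")
    print("toy 16-bit check:", simulate(16, 256, 3000),
          "vs formula", round(no_repeat_advantage(16, 256), 3))
```

For a 64-bit block the test reaches advantage 0.5 after roughly 38 GiB of keystream under one key; for a 128-bit block the same advantage needs 2^33 times as much data.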