I'm using Bruce Schneier's source code to encrypt some data using Blowfish. It all seems to work well except that I noticed that when I encrypt with an 8 byte key, it can be decrypted with the first character of that 8 byte key (e.g. encrypt with key "abcdefgh", and can be decrypted with "a").
Here are some extracts from my code:
Initialize blowfish:
char key[] = "abcdefgh";
InitializeBlowfish(key, 1);
Then I store my input in 8 byte blocks into two unions, each with four characters and an unsigned long.
Then I encrypt:
Blowfish_encipher(&(xl.l), &(xr.l));
Where xl.l and xr.l are each unsigned longs in my two unions xl and xr.
To decrypt:
Blowfish_decipher(&(xl.l), &(xr.l));
And note that it doesn't decrypt if the key is something random, only if it is the correct key or the first byte of it.
What is going on?!
Thanks for your help.
Links to source code I can find for Blowfish tend to indicate that the InitializeBlowfish function is defined something like:
int InitializeBlowfish(char *key, size_t len)
and may be called with e.g.:
InitializeBlowfish(key_string_blowfish, strlen(key_string_blowfish));
Rather than, in your case, where you're indicating a key length of 1.
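The effect of the length argument, shown as an added example that is not part of the original posts or of Schneier's code: it models only the key-mixing step of the Blowfish key schedule, where key bytes are read cyclically up to the given length and XORed into the P-array. The names `mix_key` and `same_subkeys` are hypothetical, and the P-array starts from zero here instead of the cipher's fixed constants; since the key is not used again after this step, equal mixed arrays mean an identical cipher state.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SUBKEYS 18  /* the Blowfish P-array has 18 32-bit entries */

/* Key-mixing step: key bytes are read cyclically, wrapping at keybytes,
 * and XORed into the P-array. p starts at zero (constructed simplification).
 * Returns -1 for a zero-length key, 0 otherwise. */
int mix_key(const char *key, size_t keybytes, uint32_t p[SUBKEYS])
{
    size_t j = 0;
    if (keybytes == 0)
        return -1;
    memset(p, 0, SUBKEYS * sizeof p[0]);
    for (int i = 0; i < SUBKEYS; i++) {
        uint32_t data = 0;
        for (int k = 0; k < 4; k++) {
            data = (data << 8) | (unsigned char)key[j];
            j = (j + 1) % keybytes;  /* bytes past keybytes are never read */
        }
        p[i] ^= data;
    }
    return 0;
}

/* Returns 1 when both (key, length) pairs produce the same mixed P-array. */
int same_subkeys(const char *a, size_t alen, const char *b, size_t blen)
{
    uint32_t pa[SUBKEYS], pb[SUBKEYS];
    if (mix_key(a, alen, pa) != 0 || mix_key(b, blen, pb) != 0)
        return 0;
    return memcmp(pa, pb, sizeof pa) == 0;
}

int main(void)
{
    const char full[] = "abcdefgh";  /* key from the question */
    printf("length 1 vs \"a\":      %s\n",
           same_subkeys(full, 1, "a", 1) ? "same" : "different");
    printf("strlen(key) vs \"a\":   %s\n",
           same_subkeys(full, strlen(full), "a", 1) ? "same" : "different");
    return 0;
}
```

With a length of 1 the effective key space is a single byte, so the length passed to the key setup should always be the real key length.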