In this paper we are performencryption using blowfish algorithm using salt and we . The blowfish algorithmis used for encryption of the data and it converts a 64 bit block of input to a64 bit cypher text. This conversion is done by the use of a key which is of predefinedlength of 32-448 bits.
Normally the basic algorithm consists of 16 rounds in asingle process, but to reduce the time of the conversion and password matchingwe are proposing to use only 10 rounds in the conversion of data to cyphertext. This is very minor change but the actual impact of saving 6 rounds ishuge. This will make the process faster and it will still be unbreakable. This decision is made on theexperimental basis as it is defined that the number of rounds increases thesecurity and the level of security but only up to certain level. After thethreshold number of rounds is completed, it does not depend on how many roundsare made after the last round. It will only increase the time it will require toencrypt the data and the feasibility will be decreased. If we only use thethreshold number of rounds, it will be time efficient without compromising thesecurity of the algorithm.
So we are proposing the use of 10rounds in the algorithm. It will save 6 rounds for every time the user tries toregister to the website or he tries to login into the website. This will be forall the users.
It will save the server processing time. The benefit of thisalgorithm depends on the number of users present in the company’s database. If theusers are less, then the benefit will be quiet low but on the other hand if thenumber of users will be more than the benefit will be fairly high. Another approach we are proposingis the use of salt in the password before the encryption. The password isusually of a limited length of 10-15 characters. We have proposed to add astatic salt of 22 characters so that we can ensure the safety of all the otherclients if one of the passwords is able to be broken. If a malice user is ableto break any one of the user’s password, it will have a lot of probability thatit will be able to generate a pattern to crack all the passwords by generatinga key and the security of all the users will be at a risk then.This problem can be prevented bythe help of this salt.
We can use a string of a particular length that will bekept secret and will be prevented to be accessed by anyone other than authorizedpeople. This salt will be added to the password entered by the user and thisconcatenated string will be used for the encryption. The cypher text generatedby this concatenated string will be stored in the database and this will beused to authorize the user when he/she tries to login to the website.The secrecy of this salt will be aconcern. It should be kept secret with the company as user’s security will be dependingon this. If the malice user or any user other than the authorized one gets theaccess of this salt string, then he can make it public and then all thepasswords of the users will be at a risk. The prevention will require companyto generate hashed password for every user once again.
The security of the new saltwill also be needed to be kept in mind. It should again be accessed by the authorizedpersonnel only. The length of the salt will beanother concern. If it is too long and it increases the length of the total passwordmore than 64 bits, then it will be great issue.
As we know that the blowfishwill be converting only 64 bit block on a single core, so, if the length of thepassword is greater than 64 bits, then it will require one more cycle of theblowfish to produce the cypher text which will increase the processing time bytwo fold. Then the blowfish will require more cycles per match. Every matchwill increase the time and it will decrease the response time of the users. Thiswill decrease the user experience.So the length of thesalt should be such that it does not increase the length of the totalconcatenated string to be more than 64 bits.
We propose a length of 22 chars. Thiswill be a fairly good length for making the website secure and encryption andmatching fast. So, at last the conclusion is the use of 10 rounds and 22character salt. These two measures will make the implementation of the blowfishfast and more secure at the same time