Crypt::Eksblowfish(3) the Eksblowfish block cipher


use Crypt::Eksblowfish;
$block_size = Crypt::Eksblowfish->blocksize;
$cipher = Crypt::Eksblowfish->new(8, $salt, $key);
$block_size = $cipher->blocksize;
$ciphertext = $cipher->encrypt($plaintext);
$plaintext = $cipher->decrypt($ciphertext);
$p_array = $cipher->p_array;
$s_boxes = $cipher->s_boxes;
if($cipher->is_weak) { ...


An object of this type encapsulates a keyed instance of the Eksblowfish block cipher, ready to encrypt and decrypt.

Eksblowfish is a variant of the Blowfish cipher, modified to make the key setup very expensive. (``Eks'' stands for ``expensive key schedule''.) This doesn't make it significantly cryptographically stronger, but is intended to hinder brute-force attacks. It also makes it unsuitable for any application requiring key agility. It was designed by Niels Provos and David Mazieres for password hashing in OpenBSD. See Crypt::Eksblowfish::Bcrypt for the hash algorithm. See Crypt::Eksblowfish::Blowfish for the unmodified Blowfish cipher.

Eksblowfish is a parameterised (family-keyed) cipher. It takes a cost parameter that controls how expensive the key scheduling is. It also takes a family key, known as the ``salt''. Cost and salt parameters together define a cipher family. Within each family, a key determines an encryption function in the usual way. See Crypt::Eksblowfish::Family for a way to encapsulate an Eksblowfish cipher family.


Returns 8, indicating the Eksblowfish block size of 8 octets. This method may be called on either the class or an instance.


Crypt::Eksblowfish->new(COST, SALT, KEY)
Performs key setup on a new instance of the Eksblowfish algorithm, returning the keyed state. The KEY may be any length from 1 octet to 72 octets inclusive. The SALT is a family key, and must be exactly 16 octets. COST is an integer parameter controlling the expense of keying: the number of operations in key setup is proportional to 2^COST. All three parameters influence all the subkeys; changing any of them produces a different encryption function.

Due to the mandatory family-keying parameters (COST and SALT), this constructor does not match the interface expected by "Crypt::CBC" and similar crypto plumbing modules. To use Eksblowfish with them it is necessary to have an object that encapsulates a cipher family and provides a constructor that takes only a key argument. That facility is supplied by "Crypt::Eksblowfish::Family".


Returns 8, indicating the Eksblowfish block size of 8 octets. This method may be called on either the class or an instance.
PLAINTEXT must be exactly eight octets. The block is encrypted, and the ciphertext is returned.
CIPHERTEXT must be exactly eight octets. The block is decrypted, and the plaintext is returned.
These methods extract the subkeys from the keyed cipher. This is not required in ordinary operation. See the superclass Crypt::Eksblowfish::Subkeyed for details.
This method checks whether the cipher has been keyed with a weak key. It may be desired to avoid using weak keys. See the superclass Crypt::Eksblowfish::Subkeyed for details.


Eksblowfish guts originally by Solar Designer (solar at

Modifications and Perl interface by Andrew Main (Zefram) <[email protected]>.


Copyright (C) 2006, 2007, 2008, 2009, 2010, 2011 Andrew Main (Zefram) <[email protected]>

The original Eksblowfish code (in the form of crypt()) from which this module is derived is in the public domain. It may be found at <>.


This module is free software; you can redistribute it and/or modify it under the same terms as Perl itself.