First: I encourage you to not use this library for anything serious. You need to impliment your own cipher-block chaining if you want to encrypt anything longer than 8 bytes. If you need to encrypt your web app, please use SSL. You can even get certificates for no cost these days.
I cleaned up the code, making it about 250 lines lighter, and changed the interface to be much like Perl’s Crypt::Blowfish module.
var bf = new Blowfish('some key');
var ciphertext = bf.encrypt('some plaintext');
var plaintext = bf.decrypt('some encrypted text');
I used to provide a link to a copy of blowfish.js hosted on this server, but I found that some people were using it directly on their web pages. I’ll take the blame for it, since my example code above used to show a real, active URL, but didn’t point out that it’s generally not a good idea to pull crypto code from a server you don’t control. I didn’t really have a problem with this (the bandwidth used wasn’t much), but it did make it difficult for me to publish new versions without potentially breaking someone else’s site. So over time, the version I was linking to was streets behind the ‘HEAD’ version on github. That old link will continue to work, but I won’t publish it.
If you would like to use blowfish.js on your site or in your application, please download a copy from github. If you have features or bugfixes to contribute, please do. My preferred method is through github, but if you would rather e-mail patches to me, that’s fine too.
For those who still need the old, pre-2008 version, refer to the marcelgreter branch.
Thank you list:
- Andre Mueller and Rainer Wollmann for their original UGPL’d version which seems to have disappeared from the web
- Tomasz Sz. for pointing out some bugs around April 2007
- J Nash for making Crypt::Blowfish interoperability a reality (with help from Matthew Byng-Maddick’s Crypt::Blowfish_PP) around January 2008
- Marcel Greter for contributing bugfixes and optimizations to an older, but commonly-used version in September 2010