Johann

Reputation: 29877

What level of encryption is this in Bouncy Castle

I came across some code for encrypting data using Bouncy Castle but I couldn't find any documentation that would indicate what kind of algorithm is being used to encrypt data or how many bits are used for the key. I also couldn't find a discussion forum for Bouncy Castle. Does anyone know what algorithm this is using and how many bits for the key?

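// Blowfish block cipher wrapped in CBC mode
BlowfishEngine blowfishEngine = new BlowfishEngine();
CBCBlockCipher cbcBlockCipher = new CBCBlockCipher(blowfishEngine);

// key is the raw byte[] key material; its length sets the Blowfish key size
KeyParameter keyParameter = new KeyParameter(key);

BufferedBlockCipher cipher = new PaddedBlockCipher(cbcBlockCipher);

// true = encrypt; no ParametersWithIV is supplied, so CBC runs with an all-zero IV
cipher.init(true, keyParameter);

// getOutputSize() is an upper bound that includes padding
int size = cipher.getOutputSize(data.length);
byte[] result = new byte[size];
int olen = cipher.processBytes(data, 0, data.length, result, 0);
olen += cipher.doFinal(result, olen);

// Trim the buffer to the number of bytes actually written
if (olen < size)
{
  byte[] tmp = new byte[olen];
  System.arraycopy(result, 0, tmp, 0, olen);
  result = tmp;
}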

Upvotes: 2

Views: 1197

Answers (1)

Peter Elliott

Reputation: 3322

The algorithm is Blowfish, running in the Cipher Block Chaining operating mode. Blowfish allows for a wide range of key sizes, from 32 bits to 448 bits. That said, it uses a 64-bit block size (amount of data it can encrypt in one segment), which is not as secure as 128-bit block sizes found in ciphers like AES. Otherwise, Blowfish is a pretty secure cipher, as long as you use a key size of 128 bits or larger.

That said, it is not very performant when it comes to rekeying operations (it takes forever to rekey, which is why its key schedule is the basis for bcrypt). Your best bet is to use AES-256 (swap out BlowfishEngine for AESEngine).

As far as keysize goes, based on your comments it looks like you're trying to use a password as an encryption key directly. This is a very bad practice, and makes it very easy to brute force your encryption. You should instead be using the password to drive a key derivation function like PBKDF2, which will give you a much safer, longer key. Check out this answer for a good way to do this with BouncyCastle in Java.

Upvotes: 5
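
The approach the answer recommends (a password run through PBKDF2 to produce the key, AES-256 in place of Blowfish), written against Bouncy Castle's lightweight API as an added example; it is not code from the original answer or from the Bouncy Castle project. The class name, the salt and IV sizes, the iteration count and the salt || iv || ciphertext layout are assumptions, and CBC on its own gives no integrity protection.

```java
import java.nio.ByteBuffer;
import java.security.SecureRandom;
import java.util.Arrays;
import org.bouncycastle.crypto.InvalidCipherTextException;
import org.bouncycastle.crypto.digests.SHA256Digest;
import org.bouncycastle.crypto.engines.AESEngine;
import org.bouncycastle.crypto.generators.PKCS5S2ParametersGenerator;
import org.bouncycastle.crypto.modes.CBCBlockCipher;
import org.bouncycastle.crypto.paddings.PaddedBufferedBlockCipher;
import org.bouncycastle.crypto.params.KeyParameter;
import org.bouncycastle.crypto.params.ParametersWithIV;

public class PasswordEncryptExample { // hypothetical class name
    static final int SALT_LEN = 16, IV_LEN = 16, ITERATIONS = 600_000; // assumed parameters
    // PBKDF2-HMAC-SHA256: password + random salt -> 256-bit AES key
    static KeyParameter deriveKey(char[] password, byte[] salt) {
        PKCS5S2ParametersGenerator gen = new PKCS5S2ParametersGenerator(new SHA256Digest());
        gen.init(PKCS5S2ParametersGenerator.PKCS5PasswordToUTF8Bytes(password), salt, ITERATIONS);
        return (KeyParameter) gen.generateDerivedParameters(256);
    }
    // AES-256-CBC with PKCS7 padding and an explicit IV; enc selects the direction
    static byte[] aesCbc(boolean enc, KeyParameter key, byte[] iv, byte[] in) throws InvalidCipherTextException {
        PaddedBufferedBlockCipher c = new PaddedBufferedBlockCipher(new CBCBlockCipher(new AESEngine()));
        c.init(enc, new ParametersWithIV(key, iv));
        byte[] out = new byte[c.getOutputSize(in.length)];
        int n = c.processBytes(in, 0, in.length, out, 0);
        // doFinal throws on bad padding (wrong password or corrupted data)
        return Arrays.copyOf(out, n + c.doFinal(out, n));
    }
    // Output layout: salt || iv || ciphertext (salt and IV are not secret, but must be fresh per message)
    static byte[] encrypt(char[] password, byte[] plain) throws InvalidCipherTextException {
        byte[] salt = new byte[SALT_LEN], iv = new byte[IV_LEN];
        SecureRandom rng = new SecureRandom();
        rng.nextBytes(salt);
        rng.nextBytes(iv);
        byte[] ct = aesCbc(true, deriveKey(password, salt), iv, plain);
        return ByteBuffer.allocate(SALT_LEN + IV_LEN + ct.length).put(salt).put(iv).put(ct).array();
    }
    static byte[] decrypt(char[] password, byte[] blob) throws InvalidCipherTextException {
        byte[] salt = Arrays.copyOfRange(blob, 0, SALT_LEN);
        byte[] iv = Arrays.copyOfRange(blob, SALT_LEN, SALT_LEN + IV_LEN);
        byte[] ct = Arrays.copyOfRange(blob, SALT_LEN + IV_LEN, blob.length);
        return aesCbc(false, deriveKey(password, salt), iv, ct);
    }
    public static void main(String[] args) throws Exception {
        char[] pw = "constructed sample passphrase".toCharArray();
        byte[] msg = {1, 2, 3, 4, 5}; // constructed sample plaintext
        System.out.println(Arrays.equals(msg, decrypt(pw, encrypt(pw, msg))));
    }
}
```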
