azblue wrote:
I feel like this is a pretty stupid question, but I want to be really sure I understand it what a "round" is. I feed plaintext into Blowfish once and get ciphertext, that's one round. I feed that ciphertext back into Blowfish and get new ciphertext, that's 2 rounds. Is this right? Repeat that 14 more times?
No, that is not it. A round is simply what the algorithm designers say it is. For instance, SHA-3 consists of 24 rounds of five subrounds each. So when you look at an implementation of SHA-3, you will likely see either a loop that runs 24 times, or 24 repetitions of the exact same instructions. The rounds are already in the algorithm.
So in the case of Blowfish, running the encryption already ran all 16 rounds.
azblue wrote:
The Wikipedia page seemed to suggest the variations to block ciphers, such as OFB or CTR, are valid for any block cipher. Did I infer that correctly? In other words, can I be sure I won't break Blowfish's security by turning it into a cipher stream via an established method (ie, OFB or CTR, not the combo I initially made up)?
Blowfish is a block cipher. That means, it can take 8 bytes of data and a variable length key in and give you 8 bytes of data out. The output fulfills two properties: (1) If you put the output and the same key into the decrypt function, you get your input back out, and (2) it is impossible to distinguish the output from random numbers without the key.
That's not terribly useful on its own: When do you ever want to encrypt exactly 8 bytes of data? So that's what modes of operation are there for. No, they won't tank the security of blowfish on their own, as the security promise of a block cipher has nothing to do with stream encryption. You might need other security promises that you can use the modes of operation along with Blowfish as primitive to fulfill.
It is never enough to say that something is "secure". It is better to say "(insert problem here) cannot happen." In Blowfish, an attacker without the key decrypting a block on its own cannot happen in feasible time. That is its security promise. Of course, improper implementation of a mode of operation can cause the attacker to recover the key or the plain text, but that is not a problem of Blowfish.
And what mode you need, and what other things you need, depend on your application. Though if your threat model includes attackers being able to change ciphertext (as in Internet communication), then please consider the use of authenticated encryption. And put the MAC on the outermost layer and test it first. Common pitfall is to compute the MAC over plaintext. Unfortunately, this allows attackers to recover the plaintext if they can get the receiver to try and decrypt their messages multiple times. Also known as padding oracle. So just compute the MAC over the ciphertext!