>>We should have a quick test of what the compatibility between the
>>devices turns out to be.  From a quick code inspection, it looks
>>like the blowfish-cbc modes are compatible on LE machines, but we
>>should test it out.  cgdconfig(8) inputs passphrases and turns them
>>into keys slightly differently, but we could come up with a document
>>that describes how to get that to work.
>
>Hmmm, on closer inspection it looks like the IV generation is subtly
>different mainly because BF_encrypt() and BF_decrypt work in host
>byte order.  If anyone needs it, I can look into implementing a
>compatible mode (which also probably covers compatibility with
>OpenBSD's vnd(4) blowfish encryption.)

	if I remember correctly, it is not recommended to use BF_{en,de}crypt
	directly.

itojun


-- from blowfish.pod
BF_encrypt() and BF_decrypt() are the lowest level functions for Blowfish
encryption.  They encrypt/decrypt the first 64 bits of the vector pointed by
B<data>, using the key B<key>.  These functions should not be used unless you
implement 'modes' of Blowfish.  The alternative is to use BF_ecb_encrypt().
If you still want to use these functions, you should be aware that they take
each 32-bit chunk in host-byte order, which is little-endian on little-endian
platforms and big-endian on big-endian ones.