Cryptanalysis of Blowfish
There is no effective cryptanalysis on the full-round version of Blowfish known to the public as of 2011. A sign extension bug in one publication of C code has been identified.
In 1996, Serge Vaudenay found a known-plaintext attack requiring 28r + 1 known plaintexts to break, where r is the number of rounds. Moreover, he also found a class of weak keys that can be detected and broken by the same attack with only 24r + 1 known plaintexts. This attack cannot be used against the regular Blowfish; it assumes knowledge of the key-dependent S-boxes. Vincent Rijmen, in his Ph.D. thesis, introduced a second-order differential attack that can break four rounds and no more. There remains no known way to break the full 16 rounds, apart from a brute-force search.
Bruce Schneier notes that while Blowfish is still in use, he recommends using the more recent Twofish algorithm instead.
Read more about this topic: Blowfish (cipher)