Blowfish in Good Time Max

This screen shot is from the movie "Good Time Max." 17 minutes and 52 seconds into the movie, it shows Blowfish being used as an encryption algorithm.

Blowfish code on a computer monitor

Posted on January 21, 2011 at 2:36 PM • 40 Comments


Davi OttenheimerJanuary 21, 2011 3:30 PM

Hmm, might have to see it now:

"Two genius brothers grow up and grow apart as one becomes a successful surgeon and the other pursues a drug-fueled high life"

Ah, but which one resorts to Blowfish?

0x0BADF00DJanuary 21, 2011 3:54 PM

Ugh, who wrote that code and why didn't they use a #define for the buffer sizes?

hellyJanuary 21, 2011 5:58 PM

It would probably make my day if one of the Resident Evil movies had used Rot-13 encryption somewhere.

Okian WarriorJanuary 21, 2011 8:06 PM

Memeset? What the heck is that? (Second one from the top.)

Also, in addition to #defining the array lengths, the memsets should depend on the size of the array, not the length.


GabrielJanuary 21, 2011 8:44 PM

Memeset. You know, when you want to fill your buffer with the latest meme on the internet. The integer argument is actually how many years back to look.

For example, a few years ago the filled buffer would be:
How is babby formed? How a girl get pragnent.

Ten years ago: All your base are belong to us.

Your homework: provide a value for the second argument that will return: The cake is a lie.

GarrenJanuary 21, 2011 8:49 PM

Hungarian notation and a status bar that appears to be consistent with a certain MS IDE.

I am disappoint

lottieJanuary 22, 2011 1:25 AM

@gabriel - absolute genius. the only problem is if memeset goes viral and then becomes recursive.

Dirk PraetJanuary 22, 2011 4:45 PM

I wonder if the person who wrote this actually got paid for it. I don't think I'd hire him/her. Then again, it's nice to see some real-life stuff popping up once in a while in a motion picture. The blowfish-reference must at least have made somebody happy, pretty much like Fyodor is always absolutely thrilled whenever NMAP shows up in yet another movie (Die Hard 4, The Matrix Reloaded, The Bourne Ultimatum etc.).

Bruce SchneierJanuary 22, 2011 5:24 PM

"That was four years ago! I thought those kind of things were found in days in this day and age."

I don't get out much.

GabrielJanuary 22, 2011 8:26 PM

Bruce, perhaps for your next cipher, the license should require any movie makers to notify you when they mention your cipher. Also attribution in the end credits, even in a modest manner. You know, somewhere before the lead actor's name.

GabrielJanuary 23, 2011 10:01 AM

@prohias: don't you know? While developing twofish, Bruce consulted Chuck Norris on improving blowfish. Chuck Norris kicked blowfish, and after it circled the world 7 times, it was transformed into what we now call twofish. Perviously scientists and engineers had known about his ability to form physical objects using a kick, see the sphinx and mt rushmore. After this experiment, it was confirmed that Chuck Norris kicks also had the power to shape algorithms.

Sorry, couldn't resist myself.

Dirk PraetJanuary 23, 2011 1:27 PM

@ Prohias

The notion of Chuck Norris cracking blowfish is about as absurd as Stephen Hawking taking Capitol Hill by force using nothing more than a machete.

GabrielJanuary 23, 2011 3:33 PM

Dirk: you're definitely not from around here :). Chuck Norris can crack anything. Even quantum key distribution. That's why we're glad he's on our side.

When Chuck Norris cracks crypto, it also snaps and pops.

Clive RobinsonJanuary 24, 2011 2:51 AM

@ Gabriel,

"When Chuck Norris cracks crypto, it also snaps and pops"

Shouldn't that be,

"... breaks crypto, it also snaps, crackles and pops"

You have to give the puffed up hackers their rice bowl ;-)

karrdeJanuary 24, 2011 9:13 AM

I guess "blowfish" in a movie is less noticeable than "nmap" in a movie.

But the Matrix series was definitely a geek-oriented movie, while this one is not quite. And "nmap" was used for its purpose, to find a weakness in a network and exploit that weakness.

Still, that makes me wonder...who provides technical support to movie screenwriters? Why do only a few movie screenwriters/directors care about this level of technical detail?

nowhereJanuary 24, 2011 9:44 AM

In this "movie", could we get Chuck to say something to Bruce such as: "ah Master, your Kung Fu is the best!"

TimHJanuary 24, 2011 10:07 AM

I've always wondered in using Twofish-256 as choice for Truecrypt would help because I bet most people pick AES-256, so the brute force will shirley go for that first.

How's this: "Going for every possibility is Brute Force. Analysing the problem using your knowledge and experience is Bruce Force."

mooJanuary 24, 2011 11:48 AM

@karrde: "Why do only a few movie screenwriters/directors care about this level of technical detail?"

Obviously, because very few members of the audience will notice or care. Some filmmakers occasionally put in a little extra effort for authenticity, and sometimes they get some kudos from the geek world for it. It doesn't sell movie tickets though.

What is more annoying is that movie makers distort everything the way they distort computer technology. Its just easier to overlook it when its not an area you're an expert in. Doctors probably cringe when they see emergency medical procedures in a movie. And unlike journalists (who routinely mangle the details of technical stories), the movie makers are doing it deliberately! If the goal of the movie is to entertain, they have to take boring things (like computer security) and make them seem glamorous somehow. So movie computers always have user interfaces that are for the benefit of the audience, rather than the benefit of the users.

vedaalJanuary 24, 2011 12:42 PM

Chloe cracked Blowfish on 24, and then, mysteriously the 24 was never renewed.

In the Nikita Remake, Birkhoff is about to pull off a great hack, the writers are only waiting to find out who wins the SHA 3 finals ... ;-)

TSJanuary 24, 2011 1:22 PM

That's the problem with code, without comments you have no idea.

I don't think it's "meme" set, but "Me! Me!" set, which includes the likes of Hilton, Lohan, Snookie, etc.

Clive RobinsonJanuary 25, 2011 4:14 AM

@ moo,

"... the movie makers are doing it deliberate! If the goal of the movie is to entertain, they have to take boring things (like computer security) and make them seem glamorous somehow"

You mean your "Comp Sec" job is boring and unglamorous?

I actually know someone who claimed he took on the job of sorting out "user passwords" at a south of the river London Universities business school just to get to know the female students...

Whether true or not he certainly went out with quite a few of them.

anonJanuary 25, 2011 7:42 AM

I remember a movie where the doctors in the hospital gave up after a patient went into ventricular fibrillation, but when a patient flatlined they shocked him.

For those who don't know, the purpose of the shock (Defibrillation) is to stop the heart and hope it restarts correctly. It's used for ventricular fibrillation (among others), and does nothing for a totally stopped heart (flatline).

Richard Steven HackJanuary 25, 2011 10:23 PM

Bruce doesn't care who plays him, as long as Angelina Jolie is cast opposite him. (Which makes absolutely no sense...)

And if Chuck Norris can't crack Blowfish, Angie sure as hell can. She can crack anything between those thighs.

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc..