Breaking 224-bit Blowfish encryption

I have a bunch of encrypted files that I want to decrypt (duh). I found out they are encrypted with Blowfish using a 224-bit key after some research. I know what the first few bytes of the plaintext looks like (it's kind of a header).

Noting that I am not NSA nor do I have ridiculous computing power, is there any chance of me brute forcing the key within a reasonable time (eg: not the life of the universe)?

I read somewhere that someone published an attack on the full-blown Blowfish (no pun intended) that reduces the search to 2^(n/2) but it mysteriously disappeared. Apparently it was some kind of MITM attack; though Blowfish uses a 16 round Feistel network, so it has to be clever if it exists. Can anyone confirm this?

EDIT: I do have access to a large number of the keys that are used, just not all of them. Perhaps it would be more worth my wh开发者_如何学Goile to try and attack the generation of the keys instead?

There is no chance of you brute-forcing the key*. Assuming there is a meet-in-the-middle attack for Blowfish that reduces it to testing 2^112 keys, there isn't enough computing power on the planet to have a decent chance of brute-forcing the key before the Sun goes cold. The NSA couldn't do it either, if that's any consolation, although it's conceivable they can solve Blowfish rather than guess keys.

Unless you can find the keys, you aren't going to read the files.

*Technically, you do have a chance. However, it's far more likely that you'll win a national lottery twice (assuming you buy a ticket for two drawings).

No, you can't recover the plain text unless the encryption was done incorrectly.

There is a published "known plain text" attack, but it requires billions of known plain texts to work.

Update regarding "Edit": Again, if the encryption was done correctly, examining the known keys won't help, because a cryptographic number generator used to generate good keys is going to have similar complexity as the cipher. However, using a bad generator (or password-based encryption with weak passwords) is a common implementation flaw. Good luck!

2^(n/2) means in this case 2^223 rather than 224, possibly? if so, I can't see it helps you very much. I think you need to get down to something like 2^64 or so to brute force it on a home PC in a reasonable time.

Do you happen to know how the key was chosen? If it's say, generated from a password and no proper password derivation function is used this may be your best angle of attack. Also depending on the chaining mode used there could be other venue of attack, we need to know more.