Blowfish (Schneier, 1994) is a sixteen-rounds Feistel cipher (Feistel, 1973) in which the F function is a part of the private key. We show that the disclosure of F allows to perform a differential cryptanalysis which can recover all the rest of the key with 2⁴⁸ chosen plaintexts against a number of rounds reduced to eight. Moreover, for some weak F function, this attack only needs 2²³ chosen plaintexts against eight rounds, and 3Ã 2⁵¹ chosen plaintexts against sixteen-rounds. When the F function is safely kept private, one can detect whether it is weak or not with a differential attack using 2²² plaintexts against eight rounds