I came across this issue this morning, in an iOS app which I believe was restored as part of a device backup via iTunes (after an OS update).
BlowFish::decrypt is hitting the assertion where it’s internal decrypt method returns -1.
I’m not sure how to check for this to avoid the assertion, and e.g. wipe the data if the key is now invalid.
Would it be preferable for it to return a bool to indicate failure instead?