if i have to use BlowFish encryption to encrypt something such as username to send to a web service. in order for that web service to decrypt the username, they will need to have the BlowFish key available. what is the possibility that transferring the key to the owner of the web service will lead to the key being intercepted or compromised in general?
also, would it be just as secure to not encrypt the username, but to have the web service be behind a firewall that have IP filtering. this will prevent who stole the username and knows the web service address to do something to compromise security. thanks.