[erlang-questions] blowfish cbc mode decrypt

Technion technion@REDACTED
Wed Nov 11 00:22:17 CET 2015


Hi,


I'm not sure if you have other mitigating code, but I'd be concerned about calling two calls to MD5 on a passphrase a "derived key" - this would be very weak crypto.


________________________________
From: erlang-questions-bounces@REDACTED <erlang-questions-bounces@REDACTED> on behalf of Bogdan Andu <bog495@REDACTED>
Sent: Wednesday, 11 November 2015 12:51 AM
To: Dmitry Kolesnikov
Cc: Erlang
Subject: Re: [erlang-questions] blowfish cbc mode decrypt

I was thinking that is handled internally...

however, this did the trick (for randomiv mode of operation):

%% Reproduce Crypt::CBC's passphrase-mode key derivation for Blowfish:
%% MD5 the passphrase, then keep appending the MD5 of the accumulated
%% material until at least 56 bytes (Blowfish's maximum key length) are
%% available, and truncate to 56 bytes.
blowfish_key_from_key(Key) ->
    %% crypto:hash(md5, _) replaces the deprecated crypto:md5/1
    Temp = crypto:hash(md5, Key),
    blowfish_key_from_key1(Temp).

blowfish_key_from_key1(Temp) when byte_size(Temp) < 56 ->
    Temp1 = crypto:hash(md5, Temp),
    blowfish_key_from_key1(<<Temp/binary, Temp1/binary>>);
blowfish_key_from_key1(Temp) ->
    <<Temp1:56/binary, _Rest/binary>> = Temp,
    Temp1.

I think that crypto should have this kind of helper functions
because, like in the case of the Blowfish cipher, whose key length can
be variable, it could be useful in using the cipher correctly, and people
would know that some things are not implied.

Thanks,
Bogdan


On Tue, Nov 10, 2015 at 1:15 PM, Dmitry Kolesnikov <dmkolesnikov@REDACTED> wrote:
Hello,

Yes, this is what I thought. You are using the wrong key to decrypt data on the Erlang side.

Please notice that

"Crypt::CBC can derive the key and the IV from a passphrase that you provide, or can let you specify the true key and IV manually...

The -key argument provides either a passphrase to use to generate the encryption key, or the literal value of the block cipher key. If used in passphrase mode (which is the default), -key can be any number of characters; the actual key will be derived by passing the passphrase through a series of MD5 hash operations."

So, in your example Key is not an encryption key, this is a pass-phrase. The Erlang implementation expects that you provide the actual key.

I do not know how Perl's Crypt::CBC derives the key from passphrases. You can either reverse engineer that piece of code or you can use a literal key.


Best Regards,
Dmitry


> On Nov 10, 2015, at 11:58 AM, Bogdan Andu <bog495@REDACTED> wrote:
>
> use strict;
> use warnings;
> use MIME::Base64;
>
> use Crypt::CBC;
> #use Digest::HMAC_SHA1 qw(hmac_sha1 hmac_sha1_hex);
> use PHP::Serialization qw(serialize unserialize);
>
> my $pt = 'a:10:{s:6:"adresa";s:89:"Address 2 TEST \xc3\x84\xc2\x83\xc3\x83\xc2\xae\xc3\x88\xc2\x99\xc3\x88\xc2\x9b\xc3\x88\xc2\x99\xc3\x88\xc2\x9bbl 7bap 71district XXXBucure\xc3\x88\xc2\x99tiJUDE\xc3\x88\xc2\x9a031905RO";s:4:"info";i:1460382;s:7:"urlback";s:41:"https://192.162.16.116:8020/snep_response";s:4:"cuip";s:18:"Cererea nr 1460382";s:6:"idtaxa";i:5001;s:5:"email";s:16:"xxx123@REDACTED";s:4:"nume";s:55:"\xc3\x88\xc2\x99 \xc3\x88\xc2\x9b \xc3\x84\xc2\x83 \xc3\x83\xc2\xae \xc3\x83\xc2\xa2 \xc3\x83\xc2\x82 \xc3\x83\xc2\x8e \xc3\x84\xc2\x82 \xc3\x88\xc2\x98 \xc3\x88\xc2\x9a u\xc3\x83\xc2\xa7";s:3:"cui";s:18:"Cererea nr 1460382";s:9:"idnomunic";i:13;s:4:"suma";d:262.69;}';
>
> print $pt, "\n";
>
> my $key = "12345678900987654321001234567890";
> my $cipher = Crypt::CBC->new(
>     -key    => $key,
>     -cipher => 'Blowfish',
>     -header => 'randomiv'
> );
>
> # print "$pt\n";
> my $encpt = $cipher->encrypt($pt);
> print "\n$encpt", "\n";
>
> print "\n", encode_base64($encpt), "\n";
>
> ## TEST
> my $decpt = $cipher->decrypt($encpt);
> print "\n$decpt", "\n";


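The thread turns on three things the Erlang side has to match when it decrypts what the Perl script produced: the passphrase-to-key step Dmitry quotes from the Crypt::CBC documentation (and Bogdan's Erlang code mirrors), the layout of the 'randomiv' header, and the padding Crypt::CBC applies by default. The following is an added example written for this archive page; it is not code from the original posts or from the Crypt::CBC project. It assumes the derivation is "MD5 the passphrase, then append MD5 of the accumulated material until the key size is reached" and that the header is the literal string RandomIV followed by an 8-byte IV, both as documented for Crypt::CBC. It uses only the Python standard library, so the Blowfish CBC step itself is left to whatever cipher library you already use; the last function shows the salted, iterated derivation you would use instead of MD5 chaining when both ends are under your control, which is the point of Technion's concern.

```python
"""Pieces of Crypt::CBC's 'randomiv' passphrase mode that a non-Perl decryptor
must reproduce, plus a stronger key derivation for when you control both ends.
Added example for this thread; not code from the posts or from Crypt::CBC.
Standard library only: the Blowfish step itself is left to a cipher library."""
import hashlib
import os
from typing import Tuple

BLOWFISH_BLOCK = 8       # Blowfish block size in bytes
BLOWFISH_MAX_KEY = 56    # maximum Blowfish key length; Crypt::CBC derives this many bytes
RANDOMIV_MAGIC = b"RandomIV"


def crypt_cbc_key_from_passphrase(passphrase: bytes, keysize: int = BLOWFISH_MAX_KEY) -> bytes:
    """Crypt::CBC passphrase-mode derivation (what the Erlang code in the thread
    mirrors): MD5 the passphrase, then append the MD5 of the whole accumulated
    material until keysize bytes exist, and truncate.  Unsalted and only a few
    MD5 calls, which is why it is a weak KDF rather than a real one."""
    material = hashlib.md5(passphrase).digest()
    while len(material) < keysize:
        material += hashlib.md5(material).digest()
    return material[:keysize]


def split_randomiv_header(blob: bytes) -> Tuple[bytes, bytes]:
    """Split output produced with -header => 'randomiv' into (iv, ciphertext).
    The header is the literal 'RandomIV' followed by the 8-byte IV."""
    if not blob.startswith(RANDOMIV_MAGIC):
        raise ValueError("not a Crypt::CBC randomiv message")
    start = len(RANDOMIV_MAGIC)
    iv = blob[start:start + BLOWFISH_BLOCK]
    body = blob[start + BLOWFISH_BLOCK:]
    if len(iv) != BLOWFISH_BLOCK:
        raise ValueError("truncated IV")
    if not body or len(body) % BLOWFISH_BLOCK:
        raise ValueError("ciphertext is not a whole number of 8-byte blocks")
    return iv, body


def strip_standard_padding(plaintext: bytes, block: int = BLOWFISH_BLOCK) -> bytes:
    """Remove Crypt::CBC 'standard' (PKCS#5) padding after decryption: the last
    byte is the pad length n (1..block) and every pad byte carries that value.
    Rejecting malformed padding here is what turns a garbage key into a clean
    error instead of silently wrong plaintext."""
    if not plaintext or len(plaintext) % block:
        raise ValueError("decrypted data is not block aligned")
    n = plaintext[-1]
    if not 1 <= n <= block or plaintext[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return plaintext[:-n]


def pbkdf2_key_from_passphrase(passphrase: bytes, salt: bytes,
                               keysize: int = BLOWFISH_MAX_KEY,
                               iterations: int = 600_000) -> bytes:
    """What the passphrase-to-key step should look like when you control both
    ends: a salted, iterated KDF (PBKDF2-HMAC-SHA256).  Store the salt next to
    the ciphertext; a new random salt per message is the usual choice."""
    if len(salt) < 8:
        raise ValueError("salt too short")
    return hashlib.pbkdf2_hmac("sha256", passphrase, salt, iterations, dklen=keysize)


if __name__ == "__main__":
    # The -key string from the Perl script in the thread; everything else
    # below is a constructed sample, not data from the thread.
    passphrase = b"12345678900987654321001234567890"
    key = crypt_cbc_key_from_passphrase(passphrase)
    print("Crypt::CBC-derived Blowfish key (56 bytes):", key.hex())

    # Constructed message: randomiv header, an 8-byte IV, two fake ciphertext blocks.
    blob = RANDOMIV_MAGIC + bytes(range(8)) + b"\x11" * 16
    iv, body = split_randomiv_header(blob)
    print("iv =", iv.hex(), "ciphertext blocks =", len(body) // BLOWFISH_BLOCK)

    # Padding removal on a constructed decrypted block.
    print(strip_standard_padding(b"hello" + b"\x03" * 3))

    print("PBKDF2 key:", pbkdf2_key_from_passphrase(passphrase, os.urandom(16)).hex())
```

The derivation function takes the key size as a parameter because Crypt::CBC applies the same chain for every cipher it supports; 56 is simply the Blowfish maximum. Feed the 56-byte result and the IV from the header into Blowfish CBC decryption, then pass the output through the padding check.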