[erlang-questions] blowfish cbc mode decrypt

Ingela Andin ingela.andin@REDACTED
Wed Nov 11 20:02:46 CET 2015


Hi!

The public_key application has password-based encryption functions;
although they are currently not API functions, we might consider making them
API functions if there is an interest/need for it.

Regards, Ingela, Erlang OTP Team, Ericsson AB




2015-11-11 9:28 GMT+01:00 Bogdan Andu <bog495@REDACTED>:

> The purpose of this function was to handle
> encrypted data generated by the Crypt::CBC Perl module from CPAN:
> http://search.cpan.org/~lds/Crypt-CBC-2.33/CBC.pm
>
> Funny thing is there is a PHP module (that emulates Crypt::CBC):
> http://pear.php.net/package/Crypt_CBC
>
> Maybe a more general approach would be to make use of PBKDF2,
> and *ALL* implementations must agree on a single PBKDF algorithm.
>
>
> I have also observed that padding is not handled for the blowfish_cbc
> block cipher, at least.
>
> Basically there are a few things missing for non-ECB modes of operation
> (CBC, CFB, CTR) for block ciphers,
> among them being padding and a universal password-based key derivation
> function algorithm.
>
> Bogdan
>
> On Wed, Nov 11, 2015 at 1:22 AM, Technion <technion@REDACTED> wrote:
>
>> Hi,
>>
>>
>> I'm not sure if you have other mitigating code, but I'd be concerned
>> about calling two invocations of MD5 on a passphrase a "derived key"; this would
>> be very weak crypto.
>>
>>
>> ------------------------------
>> *From:* erlang-questions-bounces@REDACTED <
>> erlang-questions-bounces@REDACTED> on behalf of Bogdan Andu <
>> bog495@REDACTED>
>> *Sent:* Wednesday, 11 November 2015 12:51 AM
>> *To:* Dmitry Kolesnikov
>> *Cc:* Erlang
>> *Subject:* Re: [erlang-questions] blowfish cbc mode decrypt
>>
>> I was thinking that this is handled internally...
>>
>> However, this did the trick (for the randomiv mode of operation):
>>
>> %% Mirror Crypt::CBC's passphrase-mode derivation: MD5 the passphrase,
>> %% then keep appending MD5 of the accumulated material until at least
>> %% 56 bytes (Blowfish's maximum key size) exist, and truncate to 56.
>> %% crypto:md5/1 has been removed from OTP; crypto:hash(md5, ...) replaces it.
>> blowfish_key_from_key(Key) ->
>>     Temp = crypto:hash(md5, Key),
>>     blowfish_key_from_key1(Temp).
>>
>> blowfish_key_from_key1(Temp) when byte_size(Temp) < 56 ->
>>     Temp1 = crypto:hash(md5, Temp),
>>     blowfish_key_from_key1(<<Temp/binary, Temp1/binary>>);
>>
>> blowfish_key_from_key1(Temp) ->
>>     <<Temp1:56/binary, _Rest/binary>> = Temp,
>>     Temp1.
>>
>> I think that crypto should have this kind of helper function
>> because, as in the case of the Blowfish cipher, whose key length can
>> be variable, it could be useful in using the cipher correctly, and people
>> would know that some things are not implied.
>>
>> Thanks,
>> Bogdan
>>
>>
>> On Tue, Nov 10, 2015 at 1:15 PM, Dmitry Kolesnikov <
>> dmkolesnikov@REDACTED> wrote:
>>
>>> Hello,
>>>
>>> Yes, this is what I thought. You are using the wrong key to decrypt data on
>>> the Erlang side.
>>>
>>> Please notice that
>>>
>>> “Crypt::CBC can derive the key and the IV from a passphrase that you
>>> provide, or can let you specify the true key and IV manually…
>>>
>>> The -key argument provides either a passphrase to use to generate the
>>> encryption key, or the literal value of the block cipher key. If used in
>>> passphrase mode (which is the default), -key can be any number of
>>> characters; the actual key will be derived by passing the passphrase
>>> through a series of MD5 hash operations.”
>>>
>>> So, in your example Key is not an encryption key; it is a passphrase.
>>> The Erlang implementation expects that you provide the actual key.
>>>
>>> I do not know how Perl's Crypt::CBC derives the key from passphrases. You
>>> can either reverse engineer that piece of code or you can use a literal key.
>>>
>>>
>>> Best Regards,
>>> Dmitry
>>>
>>>
>>> > On Nov 10, 2015, at 11:58 AM, Bogdan Andu <bog495@REDACTED> wrote:
>>> >
>>> > use strict;
>>> > use warnings;
>>> > use MIME::Base64;
>>> >
>>> > use Crypt::CBC;
>>> > #use Digest::HMAC_SHA1 qw(hmac_sha1 hmac_sha1_hex);
>>> > use PHP::Serialization qw(serialize unserialize);
>>> >
>>> > my $pt = 'a:10:{s:6:"adresa";s:89:"Address 2 TEST
>>> \xc3\x84\xc2\x83\xc3\x83\xc2\xae\xc3\x88\xc2\x99\xc3\x88\xc2\x9b\xc3\x88\xc2\x99\xc3\x88\xc2\x9bbl
>>> 7bap 71district
>>> XXXBucure\xc3\x88\xc2\x99tiJUDE\xc3\x88\xc2\x9a031905RO";s:4:"info";i:1460382;s:7:"urlback";s:41:"
>>> https://192.162.16.116:8020/snep_response";s:4:"cuip";s:18:"Cererea nr
>>> 1460382";s:6:"idtaxa";i:5001;s:5:"email";s:16:"xxx123@REDACTED";s:4:"nume";s:55:"\xc3\x88\xc2\x99
>>> \xc3\x88\xc2\x9b \xc3\x84\xc2\x83 \xc3\x83\xc2\xae \xc3\x83\xc2\xa2
>>> \xc3\x83\xc2\x82 \xc3\x83\xc2\x8e \xc3\x84\xc2\x82 \xc3\x88\xc2\x98
>>> \xc3\x88\xc2\x9a u\xc3\x83\xc2\xa7";s:3:"cui";s:18:"Cererea nr
>>> 1460382";s:9:"idnomunic";i:13;s:4:"suma";d:262.69;}';
>>> >
>>> > print $pt, "\n";
>>> >
>>> > # In the default passphrase mode -key is NOT the Blowfish key: Crypt::CBC
>>> > # derives the real key from it with MD5 (pass -literal_key => 1 to use a
>>> > # raw key instead).  -header => 'randomiv' prefixes the output with the
>>> > # literal "RandomIV" followed by the random 8-byte IV.
>>> > my $key = "12345678900987654321001234567890";
>>> > my $cipher = Crypt::CBC->new(
>>> >     -key    => $key,
>>> >     -cipher => 'Blowfish',
>>> >     -header => 'randomiv'
>>> > );
>>> >
>>> >         #       print "$pt\n";
>>> > my $encpt = $cipher->encrypt($pt);
>>> > print "\n$encpt", "\n";
>>> >
>>> > print "\n", encode_base64($encpt), "\n";
>>> >
>>> > ## TEST
>>> > my $decpt = $cipher->decrypt($encpt);
>>> > print "\n$decpt", "\n";
>>>
>>>
>>
>
> _______________________________________________
> erlang-questions mailing list
> erlang-questions@REDACTED
> http://erlang.org/mailman/listinfo/erlang-questions
>
>
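The container layout and passphrase handling the thread is reverse engineering, written out as one Erlang module. This is an added example, not code from the thread, from OTP or from Crypt::CBC; it assumes the Crypt::CBC 2.33 behaviour quoted above (a "RandomIV" marker, an 8-byte IV, 'standard' PKCS#5 padding, and the MD5 chain truncated to the 56-byte Crypt::Blowfish key size) and only handles -header => 'randomiv', not the module's default 'salt' header, whose key/IV derivation is different. The module name crypt_cbc_compat, the function names and the PBKDF2 iteration count and salt length are my choices. It relies on crypto:crypto_one_time/5 (OTP 22+; older releases have crypto:block_encrypt/4 and crypto:block_decrypt/4 instead) accepting a 56-byte key because Blowfish is a variable-key-length cipher, and on crypto:pbkdf2_hmac/5 (OTP 24.2+).

```erlang
%% crypt_cbc_compat.erl
%% Added example (not code from this thread, from OTP, or from Crypt::CBC).
%%
%% Container Crypt::CBC 2.33 produces with -cipher => 'Blowfish' and
%% -header => 'randomiv':
%%
%%   "RandomIV" || IV (8 bytes) || Blowfish-CBC( plaintext || PKCS#5 padding )
%%
%% Passphrase mode derives the key by a chain of MD5 operations truncated
%% to the cipher's key size (56 bytes for Blowfish).  That derivation has
%% no salt and no stretching, so passphrases can be tested at raw MD5
%% speed: keep it only to read existing data, and use the PBKDF2 variant
%% below for anything new.
-module(crypt_cbc_compat).
-export([key_from_passphrase/1, key_from_passphrase_pbkdf2/2,
         encrypt_randomiv/2, decrypt_randomiv/2]).

-define(BLOCK, 8).           % Blowfish block size in bytes
-define(KEYSIZE, 56).        % Crypt::Blowfish keysize (maximum Blowfish key)
-define(HEADER, "RandomIV"). % literal marker that starts the container

%% Crypt::CBC-compatible derivation: MD5(pass), then repeatedly append
%% MD5(material so far) until KEYSIZE bytes exist; truncate to KEYSIZE.
key_from_passphrase(Pass) when is_binary(Pass) ->
    md5_chain(crypto:hash(md5, Pass)).

md5_chain(Material) when byte_size(Material) >= ?KEYSIZE ->
    binary:part(Material, 0, ?KEYSIZE);
md5_chain(Material) ->
    md5_chain(<<Material/binary, (crypto:hash(md5, Material))/binary>>).

%% Safer alternative (NOT Crypt::CBC-compatible): PBKDF2-HMAC-SHA256 with a
%% random salt stored next to the ciphertext.  Iteration count and minimum
%% salt length are assumptions; every peer (Perl, PHP, Erlang) must agree
%% on digest, iterations, salt length and output length.
key_from_passphrase_pbkdf2(Pass, Salt)
  when is_binary(Pass), is_binary(Salt), byte_size(Salt) >= 16 ->
    crypto:pbkdf2_hmac(sha256, Pass, Salt, 200000, ?KEYSIZE).

%% Build a container the way Crypt::CBC does, with a fresh random IV.
encrypt_randomiv(Pass, Plain) when is_binary(Plain) ->
    Key = key_from_passphrase(Pass),
    IV = crypto:strong_rand_bytes(?BLOCK),
    CT = crypto:crypto_one_time(blowfish_cbc, Key, IV, pad(Plain), true),
    <<?HEADER, IV/binary, CT/binary>>.

%% Parse the container, decrypt and strip the padding.
%% Returns {ok, Plain} or {error, bad_format | bad_padding}.
decrypt_randomiv(Pass, <<?HEADER, IV:?BLOCK/binary, CT/binary>>)
  when byte_size(CT) > 0, byte_size(CT) rem ?BLOCK =:= 0 ->
    Key = key_from_passphrase(Pass),
    unpad(crypto:crypto_one_time(blowfish_cbc, Key, IV, CT, false));
decrypt_randomiv(_Pass, _Other) ->
    {error, bad_format}.

%% PKCS#5 padding (Crypt::CBC 'standard'): N bytes of value N, 1 =< N =< 8,
%% always present, so a block-aligned plaintext gets a whole block of 8s.
pad(Bin) ->
    N = ?BLOCK - (byte_size(Bin) rem ?BLOCK),
    <<Bin/binary, (binary:copy(<<N>>, N))/binary>>.

%% Reject anything that is not a well-formed pad rather than guessing.
unpad(Padded) ->
    Len = byte_size(Padded),
    N = binary:last(Padded),
    case N >= 1 andalso N =< ?BLOCK andalso N =< Len andalso
         binary:part(Padded, Len - N, N) =:= binary:copy(<<N>>, N) of
        true  -> {ok, binary:part(Padded, 0, Len - N)};
        false -> {error, bad_padding}
    end.
```

To check it against the Perl script in the thread, base64-decode the line that script prints and call crypt_cbc_compat:decrypt_randomiv(<<"12345678900987654321001234567890">>, Blob); a round trip through encrypt_randomiv/2 and decrypt_randomiv/2 in an erl shell exercises the padding and container parsing without Perl. A wrong passphrase normally surfaces as {error, bad_padding}, which is exactly the symptom Dmitry describes, so that error should be treated as "wrong key or corrupted data", not as a bug in the Erlang side.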