[erlang-questions] blowfish cbc mode decrypt
Technion
technion@REDACTED
Thu Nov 12 00:00:50 CET 2015
Hi,
I appreciate that in this case the limitation is meeting compatibility with an existing product.
In terms of "things missing", if the goal is just "strong crypto", it's hard to go past libsodium, which has this Erlang binding:
https://github.com/tonyg/erlang-nacl
________________________________
From: Bogdan Andu <bog495@REDACTED>
Sent: Wednesday, 11 November 2015 7:28 PM
To: Technion
Cc: Dmitry Kolesnikov; Erlang
Subject: Re: [erlang-questions] blowfish cbc mode decrypt
The purpose of this function was to handle
encrypted data generated by the Crypt::CBC Perl module from CPAN:
http://search.cpan.org/~lds/Crypt-CBC-2.33/CBC.pm
Funny thing is, there is a PHP module (that emulates Crypt::CBC):
http://pear.php.net/package/Crypt_CBC
Maybe a more general approach would be to make use of PBKDF2,
and *ALL* implementations must agree on a single PBKDF algorithm.
I have also observed that padding is not handled for the blowfish_cbc
block cipher, at least.
Basically there are a few things missing for non-ECB modes of operation (CBC, CFB, CTR, ...) for block ciphers,
among them being padding and a universal password-based key derivation function algorithm.
Bogdan
On Wed, Nov 11, 2015 at 1:22 AM, Technion <technion@REDACTED> wrote:
Hi,
I'm not sure if you have other mitigating code, but I'd be concerned about calling two rounds of MD5 over a passphrase a "derived key" - this would be very weak crypto.
________________________________
From: erlang-questions-bounces@REDACTED <erlang-questions-bounces@REDACTED> on behalf of Bogdan Andu <bog495@REDACTED>
Sent: Wednesday, 11 November 2015 12:51 AM
To: Dmitry Kolesnikov
Cc: Erlang
Subject: Re: [erlang-questions] blowfish cbc mode decrypt
I was thinking that it is handled internally...
However, this did the trick (for the randomiv mode of operation):
%% Crypt::CBC passphrase mode: start from md5(Passphrase) ...
%% (crypto:md5/1 was deprecated at the time and is gone since OTP 20;
%% crypto:hash(md5, ...) is the equivalent call.)
blowfish_key_from_key(Key) ->
    Temp = crypto:hash(md5, Key),
    blowfish_key_from_key1(Temp).

%% ... and keep appending md5(Material) until there are at least 56 bytes,
%% 56 being the Blowfish key size Crypt::CBC asks for; then keep the first 56.
blowfish_key_from_key1(Temp) when byte_size(Temp) < 56 ->
    Temp1 = crypto:hash(md5, Temp),
    blowfish_key_from_key1(<<Temp/binary, Temp1/binary>>);
blowfish_key_from_key1(Temp) ->
    <<Temp1:56/binary, _Rest/binary>> = Temp,
    Temp1.
I think that crypto should have this kind of helper function,
because, as in the case of the Blowfish cipher, whose key length can
be variable, it could be useful in using the cipher correctly, and people
would know that some things are not implied.
Thanks,
Bogdan
On Tue, Nov 10, 2015 at 1:15 PM, Dmitry Kolesnikov <dmkolesnikov@REDACTED> wrote:
Hello,
Yes, this is what I thought. You are using the wrong key to decrypt data on the Erlang side.
Please notice that
“Crypt::CBC can derive the key and the IV from a passphrase that you provide, or can let you specify the true key and IV manually…
The -key argument provides either a passphrase to use to generate the encryption key, or the literal value of the block cipher key. If used in passphrase mode (which is the default), -key can be any number of characters; the actual key will be derived by passing the passphrase through a series of MD5 hash operations.”
So, in your example Key is not an encryption key, this is a pass-phrase. Erlang's implementation expects that you provide the actual key.
I do not know how Perl's Crypt::CBC derives the key from the passphrase. You can either reverse engineer that piece of code or you can use a literal key.
Best Regards,
Dmitry
> On Nov 10, 2015, at 11:58 AM, Bogdan Andu <bog495@REDACTED> wrote:
>
> use strict;
> use warnings;
> use MIME::Base64;
>
> use Crypt::CBC;
> #use Digest::HMAC_SHA1 qw(hmac_sha1 hmac_sha1_hex);
> use PHP::Serialization qw(serialize unserialize);
>
> my $pt = 'a:10:{s:6:"adresa";s:89:"Address 2 TEST \xc3\x84\xc2\x83\xc3\x83\xc2\xae\xc3\x88\xc2\x99\xc3\x88\xc2\x9b\xc3\x88\xc2\x99\xc3\x88\xc2\x9bbl 7bap 71district XXXBucure\xc3\x88\xc2\x99tiJUDE\xc3\x88\xc2\x9a031905RO";s:4:"info";i:1460382;s:7:"urlback";s:41:"https://192.162.16.116:8020/snep_response";s:4:"cuip";s:18:"Cererea nr 1460382";s:6:"idtaxa";i:5001;s:5:"email";s:16:"xxx123@REDACTED";s:4:"nume";s:55:"\xc3\x88\xc2\x99 \xc3\x88\xc2\x9b \xc3\x84\xc2\x83 \xc3\x83\xc2\xae \xc3\x83\xc2\xa2 \xc3\x83\xc2\x82 \xc3\x83\xc2\x8e \xc3\x84\xc2\x82 \xc3\x88\xc2\x98 \xc3\x88\xc2\x9a u\xc3\x83\xc2\xa7";s:3:"cui";s:18:"Cererea nr 1460382";s:9:"idnomunic";i:13;s:4:"suma";d:262.69;}';
>
> print $pt, "\n";
>
> my $key = "12345678900987654321001234567890";
> my $cipher = Crypt::CBC->new(
> -key => $key,
> -cipher => 'Blowfish',
> -header => 'randomiv'
> );
>
> # print "$pt\n";
> my $encpt = $cipher->encrypt($pt);
> print "\n$encpt", "\n";
>
> print "\n", encode_base64($encpt), "\n";
>
> ## TEST
> my $decpt = $cipher->decrypt($encpt);
> print "\n$decpt", "\n";
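The thread above covers three separate things an Erlang consumer of Crypt::CBC output has to reproduce: the passphrase-to-key derivation (Bogdan's blowfish_key_from_key), the "RandomIV" header that carries the IV, and the PKCS#5-style padding that crypto does not strip. The following module is an added example written for this page, not code from the thread, from OTP or from Crypt::CBC; the module and function names are my own. It assumes OTP 22 or later (crypto:crypto_one_time/5) built against an OpenSSL that still provides Blowfish, and it handles only the -header => 'randomiv' layout used in the Perl script; Crypt::CBC's default 'salt' header derives key and IV with a different, salted scheme and is not covered. The MD5 chaining is kept purely for compatibility with existing ciphertext, as Technion notes it is not a real KDF, and the CBC stream carries no authentication tag.

```erlang
%% crypt_cbc_compat.erl -- added example; not code from the thread or from Crypt::CBC.
%% Reads and writes the byte layout Crypt::CBC produces with
%%   -cipher => 'Blowfish', -header => 'randomiv', passphrase-mode -key
-module(crypt_cbc_compat).
-export([key_from_passphrase/2, decrypt_randomiv/2, encrypt_randomiv/2,
         pad/1, unpad/1, selftest/0]).

-define(BLOCK_SIZE, 8).         %% Blowfish block (and IV) size in bytes
-define(BLOWFISH_KEYSIZE, 56).  %% Crypt::CBC asks the cipher for its max key size: 56 for Blowfish

%% Crypt::CBC passphrase mode (no salt): Material = md5(Pass), then append
%% md5(Material) until at least KeySize bytes are available, keep the first KeySize.
%% Two or more unsalted MD5 passes is not a KDF; this exists only for compatibility.
key_from_passphrase(Pass, KeySize) ->
    derive(crypto:hash(md5, Pass), KeySize).

derive(Material, KeySize) when byte_size(Material) >= KeySize ->
    <<Key:KeySize/binary, _/binary>> = Material,
    Key;
derive(Material, KeySize) ->
    derive(<<Material/binary, (crypto:hash(md5, Material))/binary>>, KeySize).

%% randomiv layout: "RandomIV" || 8-byte IV || CBC ciphertext with PKCS#5-style
%% ("standard") padding. Returns the plaintext binary or {error, Reason}.
decrypt_randomiv(Pass, <<"RandomIV", IV:?BLOCK_SIZE/binary, CipherText/binary>>)
  when byte_size(CipherText) > 0, byte_size(CipherText) rem ?BLOCK_SIZE =:= 0 ->
    Key = key_from_passphrase(Pass, ?BLOWFISH_KEYSIZE),
    %% OTP 22+. On older releases the call is crypto:block_decrypt(blowfish_cbc, Key, IV, CipherText).
    %% With OpenSSL 3 Blowfish sits in the legacy provider, so check
    %% lists:member(blowfish_cbc, crypto:supports(ciphers)) before relying on this.
    unpad(crypto:crypto_one_time(blowfish_cbc, Key, IV, CipherText, false));
decrypt_randomiv(_Pass, _Other) ->
    {error, bad_format}.

%% Produces a blob the Perl side decrypts with the same -key/-cipher/-header settings.
encrypt_randomiv(Pass, PlainText) when is_binary(PlainText) ->
    Key = key_from_passphrase(Pass, ?BLOWFISH_KEYSIZE),
    IV = crypto:strong_rand_bytes(?BLOCK_SIZE),
    CipherText = crypto:crypto_one_time(blowfish_cbc, Key, IV, pad(PlainText), true),
    <<"RandomIV", IV/binary, CipherText/binary>>.

%% PKCS#5 padding: always append N bytes of value N, 1 =< N =< 8.
pad(Bin) when is_binary(Bin) ->
    N = ?BLOCK_SIZE - (byte_size(Bin) rem ?BLOCK_SIZE),
    <<Bin/binary, (binary:copy(<<N>>, N))/binary>>.

%% Strict unpad: every pad byte must equal the count. CBC here is unauthenticated,
%% so if an attacker who can submit ciphertexts can tell bad_padding apart from
%% success, this check is a padding oracle; authenticate the blob before decrypting.
unpad(Bin) when byte_size(Bin) >= ?BLOCK_SIZE ->
    N = binary:last(Bin),
    case N >= 1 andalso N =< ?BLOCK_SIZE of
        true ->
            Len = byte_size(Bin) - N,
            <<Body:Len/binary, PadBytes/binary>> = Bin,
            case PadBytes =:= binary:copy(<<N>>, N) of
                true  -> Body;
                false -> {error, bad_padding}
            end;
        false ->
            {error, bad_padding}
    end;
unpad(_) ->
    {error, bad_padding}.

%% Round trip with the passphrase from the Perl script; the plaintext is constructed here.
selftest() ->
    Pass = <<"12345678900987654321001234567890">>,
    PlainText = <<"a:1:{s:4:\"nume\";s:5:\"hello\";}">>,
    56 = byte_size(key_from_passphrase(Pass, ?BLOWFISH_KEYSIZE)),
    PlainText = decrypt_randomiv(Pass, encrypt_randomiv(Pass, PlainText)),
    {error, bad_format} = decrypt_randomiv(Pass, <<"not a Crypt::CBC stream">>),
    ok.
```

Compile with erlc and run crypt_cbc_compat:selftest() for the in-process round trip; to check against the Perl script, base64-decode its printed output and pass the raw bytes to decrypt_randomiv/2 with the same passphrase. The derivation mirrors the "series of MD5 hash operations" the Crypt::CBC documentation quoted above describes and the loop Bogdan posted; if the passphrase were ever used for anything new rather than for reading existing data, the thread's own suggestion (PBKDF2, or libsodium via erlang-nacl) is the right replacement.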