<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=Windows-1252">
<style type="text/css" style="display:none;"><!-- P {margin-top:0;margin-bottom:0;} --></style>
</head>
<body dir="ltr">
<div id="divtagdefaultwrapper" style="font-size:12pt;color:#000000;background-color:#FFFFFF;font-family:Calibri,Arial,Helvetica,sans-serif;">
<p>Hi,</p>
<p><br>
</p>
<p>I appreciate that in this case, the limitation is meeting compatibility with an existing product.</p>
<p><br>
</p>
<p>In terms of "things missing", if the goal is just "strong crypto", it's hard to go past libsodium, which has this Erlang binding:</p>
<p><br>
</p>
<p><a id="LPlnk807629" href="https://github.com/tonyg/erlang-nacl">https://github.com/tonyg/erlang-nacl</a></p>
<div style="color: rgb(0, 0, 0);">
<hr tabindex="-1" style="width: 98%; display: inline-block;">
<div id="divRplyFwdMsg" dir="ltr"><font color="#000000" face="Calibri, sans-serif" style="font-size: 11pt;"><b>From:</b> Bogdan Andu &lt;bog495@gmail.com&gt;<br>
<b>Sent:</b> Wednesday, 11 November 2015 7:28 PM<br>
<b>To:</b> Technion<br>
<b>Cc:</b> Dmitry Kolesnikov; Erlang<br>
<b>Subject:</b> Re: [erlang-questions] blowfish cbc mode decrypt</font>
<div> </div>
</div>
<div>
<div dir="ltr">
<div>
<div>
<div>
<div>The purpose of this function was to handle <br>
</div>
encrypted data generated by the Crypt::CBC Perl module from CPAN:<br>
<a id="LPlnk563896" href="http://search.cpan.org/~lds/Crypt-CBC-2.33/CBC.pm">http://search.cpan.org/~lds/Crypt-CBC-2.33/CBC.pm</a>
</div>
<div>The funny thing is there is a PHP module (that emulates Crypt::CBC):<br>
<a href="http://pear.php.net/package/Crypt_CBC">http://pear.php.net/package/Crypt_CBC</a><br>
</div>
<div><br>
</div>
Maybe a more general approach would be to make use of PBKDF2<br>
</div>
<div>and *ALL* implementations must agree on a single PBKDF algorithm.<br>
<br>
</div>
<br>
</div>
<div>I have also observed that padding is not handled for the blowfish_cbc<br>
</div>
<div>block cipher either, at least.<br>
<br>
</div>
<div>Basically there are a few things missing for non-ECB modes of operation (CBC, CFB, CTR) for block ciphers,<br>
</div>
<div>among them padding and a universal password-based key derivation function algorithm.<br>
</div>
<div><br>
</div>
Bogdan<br>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Wed, Nov 11, 2015 at 1:22 AM, Technion <span dir="ltr">
&lt;<a href="mailto:technion@lolware.net" target="_blank">technion@lolware.net</a>&gt;</span> wrote:<br>
<blockquote class="gmail_quote" style="margin: 0px 0px 0px 0.8ex; padding-left: 1ex; border-left-color: rgb(204, 204, 204); border-left-width: 1px; border-left-style: solid;">
<div dir="ltr">
<div style="color: rgb(0, 0, 0); font-family: Calibri,Arial,Helvetica,sans-serif; font-size: 12pt; background-color: rgb(255, 255, 255);">
<p>Hi,</p>
<p><br>
</p>
<p>I'm not sure if you have other mitigating code, but I'd be concerned about calling two calls to MD5 on a passphrase a "derived key" - this would be very weak crypto.<br>
</p>
<br>
<br>
<div style="color: rgb(0, 0, 0);">
<hr style="width: 98%; display: inline-block;">
<div dir="ltr"><font color="#000000" face="Calibri, sans-serif" style="font-size: 11pt;"><b>From:</b>
<a href="mailto:erlang-questions-bounces@erlang.org" target="_blank">erlang-questions-bounces@erlang.org</a> &lt;<a href="mailto:erlang-questions-bounces@erlang.org" target="_blank">erlang-questions-bounces@erlang.org</a>&gt; on behalf of Bogdan Andu &lt;<a href="mailto:bog495@gmail.com" target="_blank">bog495@gmail.com</a>&gt;<br>
<b>Sent:</b> Wednesday, 11 November 2015 12:51 AM<br>
<b>To:</b> Dmitry Kolesnikov<br>
<b>Cc:</b> Erlang<br>
<b>Subject:</b> Re: [erlang-questions] blowfish cbc mode decrypt</font>
<div> </div>
</div>
<div>
<div class="h5">
<div>
<div dir="ltr">
<div>
<div>
<div>
<div>
<div>
<div>
<div>I was thinking that is handled internally...<br>
<br>
</div>
however, this did the trick (for randomiv mode of operation):<br>
<br>
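%% Crypt::CBC-style key derivation: chain MD5 over the passphrase.<br>
%% crypto:md5/1 was removed in OTP 20; crypto:hash(md5, Data) is the equivalent call.<br>
blowfish_key_from_key(Key) -&gt;<br>
Temp = crypto:hash(md5, Key),<br>
blowfish_key_from_key1(Temp).<br>
<br>
%% Append md5(accumulated material) until at least 56 bytes are available.<br>
blowfish_key_from_key1(Temp) when byte_size(Temp) &lt; 56 -&gt;<br>
Temp1 = crypto:hash(md5, Temp),<br>
blowfish_key_from_key1(&lt;&lt;Temp/binary, Temp1/binary&gt;&gt;);<br>
<br>
%% Truncate to the 56-byte Blowfish key.<br>
blowfish_key_from_key1(Temp) -&gt;<br>
&lt;&lt;Temp1:56/binary, _Rest/bitstring&gt;&gt; = Temp,<br>
Temp1.<br>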
<br>
</div>
I think that crypto should have this kind of helper functions
</div>
because, like in the case of the Blowfish cipher, whose key length can
</div>
be variable, they could be useful in using the cipher correctly, and people <br>
</div>
would know that some things are not implied.<br>
<br>
</div>
Thanks,<br>
</div>
Bogdan<br>
<div>
<div>
<div>
<div>
<div>
<div>
<div><br>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Tue, Nov 10, 2015 at 1:15 PM, Dmitry Kolesnikov <span dir="ltr">
&lt;<a href="mailto:dmkolesnikov@gmail.com" target="_blank">dmkolesnikov@gmail.com</a>&gt;</span> wrote:<br>
<blockquote class="gmail_quote" style="margin: 0px 0px 0px 0.8ex; padding-left: 1ex; border-left-color: rgb(204, 204, 204); border-left-width: 1px; border-left-style: solid;">
Hello,<br>
<br>
Yes, this is what I thought. You are using the wrong key to decrypt data on the Erlang side.<br>
<br>
Please notice that<br>
<br>
“Crypt::CBC can derive the key and the IV from a passphrase that you provide, or can let you specify the true key and IV manually…<br>
<br>
The -key argument provides either a passphrase to use to generate the encryption key, or the literal value of the block cipher key. If used in passphrase mode (which is the default), -key can be any number of characters; the actual key will be derived by passing
the passphrase through a series of MD5 hash operations.”<br>
<br>
So, in your example Key is not an encryption key, this is a passphrase. The Erlang implementation expects that you provide the actual key.<br>
<br>
I do not know how Perl’s Crypt::CBC derives the key from passphrases. You can either reverse engineer that piece of code or you can use a literal key.<br>
<br>
<br>
Best Regards,<br>
Dmitry<br>
<div>
<div><br>
<br>
> On Nov 10, 2015, at 11:58 AM, Bogdan Andu &lt;<a href="mailto:bog495@gmail.com" target="_blank">bog495@gmail.com</a>&gt; wrote:<br>
><br>
> use strict;<br>
> use warnings;<br>
> use MIME::Base64;<br>
><br>
> use Crypt::CBC;<br>
> #use Digest::HMAC_SHA1 qw(hmac_sha1 hmac_sha1_hex);<br>
> use PHP::Serialization qw(serialize unserialize);<br>
><br>
> my $pt = 'a:10:{s:6:"adresa";s:89:"Address 2 TEST \xc3\x84\xc2\x83\xc3\x83\xc2\xae\xc3\x88\xc2\x99\xc3\x88\xc2\x9b\xc3\x88\xc2\x99\xc3\x88\xc2\x9bbl 7bap 71district XXXBucure\xc3\x88\xc2\x99tiJUDE\xc3\x88\xc2\x9a031905RO";s:4:"info";i:1460382;s:7:"urlback";s:41:"<a href="https://192.162.16.116:8020/snep_response" target="_blank" rel="noreferrer">https://192.162.16.116:8020/snep_response</a>";s:4:"cuip";s:18:"Cererea
nr 1460382";s:6:"idtaxa";i:5001;s:5:"email";s:16:"<a href="mailto:xxx123@gmail.com" target="_blank">xxx123@gmail.com</a>";s:4:"nume";s:55:"\xc3\x88\xc2\x99 \xc3\x88\xc2\x9b \xc3\x84\xc2\x83 \xc3\x83\xc2\xae \xc3\x83\xc2\xa2 \xc3\x83\xc2\x82 \xc3\x83\xc2\x8e
\xc3\x84\xc2\x82 \xc3\x88\xc2\x98 \xc3\x88\xc2\x9a u\xc3\x83\xc2\xa7";s:3:"cui";s:18:"Cererea nr 1460382";s:9:"idnomunic";i:13;s:4:"suma";d:262.69;}';<br>
><br>
> print $pt, "\n";<br>
><br>
> my $key = "12345678900987654321001234567890";<br>
> my $cipher = Crypt::CBC->new(<br>
> -key => $key,<br>
> -cipher => 'Blowfish',<br>
> -header => 'randomiv'<br>
> );<br>
><br>
> # print "$pt\n";<br>
> my $encpt = $cipher->encrypt($pt);<br>
> print "\n$encpt", "\n";<br>
><br>
> print "\n", encode_base64($encpt), "\n";<br>
><br>
> ## TEST<br>
> my $decpt = $cipher->decrypt($encpt);<br>
> print "\n$decpt", "\n";<br>
<br>
</div>
</div>
</blockquote>
</div>
<br>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</blockquote>
</div>
<br>
</div>
</div>
</div>
</div>
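<p>Added example, not part of the thread or of any project mentioned in it: the two pieces the thread says are missing around blowfish_cbc, shown in Python so the output can be compared across implementations. It puts the chained-MD5 derivation from the Erlang helper beside a PBKDF2 derivation, and adds block padding with a strict unpad. The function names, PBKDF2-HMAC-SHA256, the iteration count, the fixed demo salt and the use of PKCS#5-style padding are assumptions of this example.</p>
<pre>
```python
import hashlib
import hmac

KEY_LEN = 56    # Blowfish key size used by blowfish_key_from_key/1 in the thread
BLOCK_LEN = 8   # Blowfish block size in bytes


def md5_chain_key(passphrase: bytes, key_len: int = KEY_LEN) -> bytes:
    """Chained MD5 as in the thread's Erlang helper: no salt, no work factor."""
    material = hashlib.md5(passphrase).digest()
    while len(material) < key_len:
        material += hashlib.md5(material).digest()
    return material[:key_len]


def pbkdf2_key(passphrase: bytes, salt: bytes, iterations: int,
               key_len: int = KEY_LEN) -> bytes:
    """PBKDF2-HMAC-SHA256; every peer must use the same hash, salt and count."""
    return hashlib.pbkdf2_hmac("sha256", passphrase, salt, iterations, key_len)


def pad(data: bytes, block_len: int = BLOCK_LEN) -> bytes:
    """PKCS#5/#7: append n bytes of value n, with n between 1 and block_len."""
    n = block_len - len(data) % block_len
    return data + bytes([n]) * n


def unpad(data: bytes, block_len: int = BLOCK_LEN) -> bytes:
    """Remove PKCS#5/#7 padding; malformed input raises instead of being guessed at."""
    if not data or len(data) % block_len:
        raise ValueError("length is not a positive multiple of the block size")
    n = data[-1]
    if n == 0 or n > block_len:
        raise ValueError("invalid padding")
    if not hmac.compare_digest(data[-n:], bytes([n]) * n):
        raise ValueError("invalid padding")
    return data[:-n]


if __name__ == "__main__":
    passphrase = b"12345678900987654321001234567890"   # key string from the Perl script
    salt = bytes(16)   # constructed fixed salt for the demo; use os.urandom(16) in practice
    print("md5 chain:", md5_chain_key(passphrase).hex())
    print("pbkdf2   :", pbkdf2_key(passphrase, salt, 600_000).hex())   # count is an assumption
    print("padded   :", pad(b"suma").hex())
```
</pre>
<p>CBC with padding and no MAC leaves the receiver's padding check observable to whoever submits ciphertexts; verify an HMAC over the IV and ciphertext before calling unpad.</p>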
</body>
</html>