[erlang-questions] blowfish cbc mode decrypt

Technion technion@REDACTED
Wed Nov 11 00:22:17 CET 2015


I'm not sure if you have other mitigating code, but I'd be concerned about calling two calls to MD5 on a passphrase a "derived key" - this would be very weak crypto.

From: erlang-questions-bounces@REDACTED <erlang-questions-bounces@REDACTED> on behalf of Bogdan Andu <bog495@REDACTED>
Sent: Wednesday, 11 November 2015 12:51 AM
To: Dmitry Kolesnikov
Cc: Erlang
Subject: Re: [erlang-questions] blowfish cbc mode decrypt

I was thinking that is handled internally...

however, this did the trick (for randomiv mode of operation):

%% Mirrors Crypt::CBC passphrase mode: md5(Key), then keep appending
%% md5(accumulated material) until 56 bytes (Blowfish key size) are available.
blowfish_key_from_key(Key) ->
    Temp = crypto:md5(Key),
    blowfish_key_from_key1(Temp).

blowfish_key_from_key1(Temp) when size(Temp) < 56 ->
    Temp1 = crypto:md5(Temp),
    blowfish_key_from_key1(<<Temp/binary, Temp1/binary>>);

%% Enough material: truncate to the first 56 bytes.
blowfish_key_from_key1(Temp) ->
    <<Temp1:56/binary, _Rest/bitstring>> = Temp,
    Temp1.

I think that crypto should have this kind of helper functions
because, like in the case of the Blowfish cipher, whose key length can
be variable, they could be useful in using the cipher correctly, and people
would know that some things are not implied.


On Tue, Nov 10, 2015 at 1:15 PM, Dmitry Kolesnikov <dmkolesnikov@REDACTED<mailto:dmkolesnikov@REDACTED>> wrote:

Yes, this is what I thought. You are using the wrong key to decrypt data on the Erlang side.

Please notice that

"Crypt::CBC can derive the key and the IV from a passphrase that you provide, or can let you specify the true key and IV manually...

The -key argument provides either a passphrase to use to generate the encryption key, or the literal value of the block cipher key. If used in passphrase mode (which is the default), -key can be any number of characters; the actual key will be derived by passing the passphrase through a series of MD5 hash operations."

So, in your example Key is not an encryption key, this is a pass-phrase. The Erlang implementation expects that you provide the actual key.

I do not know how perl's Crypt::CBC derives the key from passphrases. You can either reverse engineer that piece of code or you can use a literal key.

Best Regards,

> On Nov 10, 2015, at 11:58 AM, Bogdan Andu <bog495@REDACTED<mailto:bog495@REDACTED>> wrote:
> use strict;
> use warnings;
> use MIME::Base64;
> use Crypt::CBC;
> #use Digest::HMAC_SHA1 qw(hmac_sha1 hmac_sha1_hex);
> use PHP::Serialization qw(serialize unserialize);
> my $pt = 'a:10:{s:6:"adresa";s:89:"Address 2 TEST \xc3\x84\xc2\x83\xc3\x83\xc2\xae\xc3\x88\xc2\x99\xc3\x88\xc2\x9b\xc3\x88\xc2\x99\xc3\x88\xc2\x9bbl 7bap 71district XXXBucure\xc3\x88\xc2\x99tiJUDE\xc3\x88\xc2\x9a031905RO";s:4:"info";i:1460382;s:7:"urlback";s:41:"";s:4:"cuip";s:18:"Cererea nr 1460382";s:6:"idtaxa";i:5001;s:5:"email";s:16:"xxx123@REDACTED<mailto:xxx123@REDACTED>";s:4:"nume";s:55:"\xc3\x88\xc2\x99 \xc3\x88\xc2\x9b \xc3\x84\xc2\x83 \xc3\x83\xc2\xae \xc3\x83\xc2\xa2 \xc3\x83\xc2\x82 \xc3\x83\xc2\x8e \xc3\x84\xc2\x82 \xc3\x88\xc2\x98 \xc3\x88\xc2\x9a u\xc3\x83\xc2\xa7";s:3:"cui";s:18:"Cererea nr 1460382";s:9:"idnomunic";i:13;s:4:"suma";d:262.69;}';
> print $pt, "\n";
> my $key = "12345678900987654321001234567890";
> my $cipher = Crypt::CBC->new(
>     -key    => $key,
>     -cipher => 'Blowfish',
>     -header => 'randomiv'
> );
> # print "$pt\n";
> my $encpt = $cipher->encrypt($pt);
> print "\n$encpt", "\n";
> print "\n", encode_base64($encpt), "\n";
> ## TEST
> my $decpt = $cipher->decrypt($encpt);
> print "\n$decpt", "\n";
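The passphrase-to-key scheme Dmitry quotes from the Crypt::CBC docs, written out in Python as an added example (not code from the thread) so it can be checked against the Erlang clauses above: md5 the passphrase, keep appending md5 of the accumulated material until the 56-byte Blowfish key size is reached, then truncate. The `randomiv` header layout (8-byte "RandomIV" marker, 8-byte IV, then ciphertext) comes from Crypt::CBC's documented behaviour rather than from this thread, and `md5_calls` makes Technion's concern concrete by counting how few hash evaluations one passphrase guess costs.

```python
import hashlib
from typing import Tuple

# Crypt::Blowfish accepts variable-length keys; Crypt::CBC derives 56 bytes for it.
BLOWFISH_KEYSIZE = 56
# -header => 'randomiv' prefixes the output with this 8-byte marker and an 8-byte IV.
RANDOMIV_MAGIC = b"RandomIV"


def key_from_passphrase(passphrase: bytes, keysize: int = BLOWFISH_KEYSIZE) -> bytes:
    """Crypt::CBC passphrase mode: md5(pass), then append md5(material) until long enough.

    Same chain as blowfish_key_from_key/1 in the thread. Note what is absent:
    no salt and no work factor, so every guess costs only a handful of MD5 calls.
    """
    material = hashlib.md5(passphrase).digest()
    while len(material) < keysize:
        material += hashlib.md5(material).digest()
    return material[:keysize]


def md5_calls(keysize: int = BLOWFISH_KEYSIZE) -> int:
    """MD5 evaluations the derivation costs per passphrase (4 for a 56-byte key)."""
    calls, produced = 1, 16
    while produced < keysize:
        calls += 1
        produced += 16
    return calls


def split_randomiv(blob: bytes) -> Tuple[bytes, bytes]:
    """Split a Crypt::CBC randomiv message into (iv, ciphertext), rejecting a bad header."""
    if len(blob) < 16 or blob[:8] != RANDOMIV_MAGIC:
        raise ValueError("not a Crypt::CBC 'randomiv' message")
    return blob[8:16], blob[16:]


if __name__ == "__main__":
    # Passphrase from the Perl script in the thread; it is a passphrase, not the cipher key.
    key = key_from_passphrase(b"12345678900987654321001234567890")
    print(f"{len(key)}-byte Blowfish key, {md5_calls()} MD5 calls per guess: {key.hex()}")
    # Constructed blob (marker + zero IV + dummy ciphertext), only to show the header split.
    iv, ct = split_randomiv(RANDOMIV_MAGIC + bytes(8) + b"\x00" * 8)
    print("iv:", iv.hex(), "ciphertext bytes:", len(ct))
```

Feeding the 56 bytes this returns to the Erlang blowfish_cbc decrypt, with the IV taken from the header, is what makes the Perl and Erlang sides agree.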
