Beefy Boxes and Bandwidth Generously Provided by pair Networks
The stupid question is the question not asked
 
PerlMonks  

Re: Crypt Blowfish

by hawtin (Prior)
on Jul 15, 2008 at 22:43 UTC ( #697817=note: print w/ replies, xml ) Need Help??


in reply to Crypt Blowfish

If you use Blowfish directly you must also remember to supply data in the 8 byte chunks it wants. Here is another example of a working implementation:

# First encode $f2 into $f1 Encode data my $cipher = new Crypt::Blowfish $model_passphrase; # Pad $f1 to the next 8 byte boundary if((length($f2) % 8) != 0) { $f2 .= "\x00" x (8 - (length($f2) % 8)); } for(my $i=0;8*$i<length($f2);$i++) { $f1 .= $cipher->encrypt(substr($f2,8*$i,8)); } # Since we have to work on Windows don't forget # the binmode() on the file handle # Now to decode $f1 into $f2 if((length($f1) % 8) != 0) { $f1 .= "\x00" x (8 - (length($f1) % 8)); } my $cipher = new Crypt::Blowfish $model_passphrase; for(my $i=0;(8*$i)<length($f1);$i++) { $f2 .= $cipher->decrypt(substr($f1,8*$i,8)); } $f2 =~ s/\x00+$//s;


Comment on Re: Crypt Blowfish
Download Code
Re^2: Crypt Blowfish
by ikegami (Pope) on Jul 16, 2008 at 05:48 UTC

    Very bad recommendation. You added padding, but you're neither salting nor chaining. You are seriously undermining the encryption by using it directly instead of using Crypt::CBC.

    By avoiding Crypt::CBC, you're actually making the code longer and much more complex, risking the addition of errors and making it harder to maintain.

    It's not just speculative either. You added a bug. Any input matching /\x00\n?\z/ cannot be encoded.

    Blowfish is a secure algorithm, but like all algorithms, they're only secure when used properly.

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://697817]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others taking refuge in the Monastery: (18)
As of 2015-07-01 20:14 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    The top three priorities of my open tasks are (in descending order of likelihood to be worked on) ...









    Results (19 votes), past polls