Click here to get back home

Crypt::CBC vs individual cipher module differs?
 HomeNewsGroups | Search | About
Login Password
Register Now!
 comp.lang.perl.misc    Post an article   get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content
Subject Author Date
Crypt::CBC vs individual cipher module differs? Waylen Gumbal 03-02-2008
Posted by Waylen Gumbal on March 2, 2008, 7:01 pm
Please log in for more thread options
 I noticed that if I use a "CBC compatible" crypt module directly, I get
a normal expected result. But if I use CBC with the same cipher type on
the same key and plaintext I get a completely different result.

I've been up and down the perldoc for Crypt::CBC and just can't figure
out why the results differ so much. Because they differ so much you
can't use one method to decrypt the other.

For example:

use Crypt::CBC;
use Crypt::OpenSSL::AES;

$key = 'secretpassphrase';
$text = 'Crypt Test #0001';

my $en1 = new Crypt::OpenSSL::AES($key)->encrypt($text);

my $en2 = new Crypt::CBC(
-key => $key, -cipher => 'Crypt::OpenSSL::AES'
)->encrypt($text);

my $en1h = unpack('H*', $en1);
my $en2h = unpack('H*', $en2);

print "OpenSSL AES\n[$en1h]\n\n";
print "AES via CBC\n[$en2h]\n\n";


__OUTPUT__
OpenSSL AES
[e1f461cdc00f4855b9b2c0367cd3a293]

AES via CBC
[53616c7465645f5f36dd0b8d9b84e278382b8cd329f7020b545c3595c239284d37d4e3dc2d6a2fc97d375675b793b357]


Thanks.

--
WG



Posted by keith on March 3, 2008, 5:31 am
Please log in for more thread options
> I noticed that if I use a "CBC compatible" crypt module directly, I get
> a normal expected result. But if I use CBC with the same cipher type on
> the same key and plaintext I get a completely different result.
>
<snip>
> __OUTPUT__
> OpenSSL AES
> [e1f461cdc00f4855b9b2c0367cd3a293]
>
> AES via CBC
>
[53616c7465645f5f36dd0b8d9b84e278382b8cd329f7020b545c3595c239284d37d4e3dc2d6a2fc97d375675b793b357]

Without knowing exactly how those particular modules do what they do,
the first thing that occurs to me is that nowhere are you providing an
initialisation vector, so presumably the modules are generating a
random IV. That will give you totally different ciphertext. The
lengths _may_ be different because the latter attempt is prepending
the ciphertext with the IV, which is required for decryption.

Just my 2 pennyworth...

Posted by Waylen Gumbal on March 3, 2008, 12:06 pm
Please log in for more thread options
keith@bytebrothers.co.uk wrote:
>> I noticed that if I use a "CBC compatible" crypt module directly, I
>> get a normal expected result. But if I use CBC with the same cipher
>> type on the same key and plaintext I get a completely different
>> result.
>>
> <snip>
>> __OUTPUT__
>> OpenSSL AES
>> [e1f461cdc00f4855b9b2c0367cd3a293]
>>
>> AES via CBC
>>
[53616c7465645f5f36dd0b8d9b84e278382b8cd329f7020b545c3595c239284d37d4e3dc2d6a2fc97d375675b793b357]
>
> Without knowing exactly how those particular modules do what they do,
> the first thing that occurs to me is that nowhere are you providing an
> initialisation vector, so presumably the modules are generating a
> random IV. That will give you totally different ciphertext. The
> lengths _may_ be different because the latter attempt is prepending
> the ciphertext with the IV, which is required for decryption.
>
> Just my 2 pennyworth...

I tried using different values for the -iv parameter for CBC but I can't
seem to find a way to get the same value using the cipher module
straight does. I want them to be compatible for each other and frankly
the fact that they give completely different results seems to defy the
point of using CBC, doesn't it?

--
WG



Posted by Mark Pryor on March 4, 2008, 7:31 pm
Please log in for more thread options
On Sun, 02 Mar 2008 16:01:42 -0800, Waylen Gumbal wrote:

> I noticed that if I use a "CBC compatible" crypt module directly, I get
> a normal expected result. But if I use CBC with the same cipher type on
> the same key and plaintext I get a completely different result.
>
> I've been up and down the perldoc for Crypt::CBC and just can't figure
> out why the results differ so much. Because they differ so much you
> can't use one method to decrypt the other.
>
> For example:
>
> use Crypt::CBC;
> use Crypt::OpenSSL::AES;
>
> $key = 'secretpassphrase';
> $text = 'Crypt Test #0001';
>
> my $en1 = new Crypt::OpenSSL::AES($key)->encrypt($text);
>
> my $en2 = new Crypt::CBC(
> -key => $key, -cipher => 'Crypt::OpenSSL::AES'
> )->encrypt($text);
>
> my $en1h = unpack('H*', $en1);
> my $en2h = unpack('H*', $en2);
>
> print "OpenSSL AES\n[$en1h]\n\n";
> print "AES via CBC\n[$en2h]\n\n";
>
>
> __OUTPUT__
> OpenSSL AES
> [e1f461cdc00f4855b9b2c0367cd3a293]
>
> AES via CBC
>
[53616c7465645f5f36dd0b8d9b84e278382b8cd329f7020b545c3595c239284d37d4e3dc2d6a2fc97d375675b793b357]
>

Waylen,

try -literal_key => 1,

that way you prevent CBC from hashing your key. I don't have the info at
hand, but I remember that for AES

blocklength = 128
and keysize is much longer than the 16 bytes from MD5 (used by CBC).

Further your key length should be controlled, not simply some string. You
can control by hashing outside of CBC and inline of your code.

--
Mark

Posted by Waylen Gumbal on March 7, 2008, 8:12 pm
Please log in for more thread options
Mark Pryor wrote:
> On Sun, 02 Mar 2008 16:01:42 -0800, Waylen Gumbal wrote:
>
>> I noticed that if I use a "CBC compatible" crypt module directly, I
>> get a normal expected result. But if I use CBC with the same cipher
>> type on the same key and plaintext I get a completely different
>> result.
>>
>> I've been up and down the perldoc for Crypt::CBC and just can't
>> figure out why the results differ so much. Because they differ so
>> much you can't use one method to decrypt the other.
>>
>> For example:
>>
>> use Crypt::CBC;
>> use Crypt::OpenSSL::AES;
>>
>> $key = 'secretpassphrase';
>> $text = 'Crypt Test #0001';
>>
>> my $en1 = new Crypt::OpenSSL::AES($key)->encrypt($text);
>>
>> my $en2 = new Crypt::CBC(
>> -key => $key, -cipher => 'Crypt::OpenSSL::AES'
>> )->encrypt($text);
>>
>> my $en1h = unpack('H*', $en1);
>> my $en2h = unpack('H*', $en2);
>>
>> print "OpenSSL AES\n[$en1h]\n\n";
>> print "AES via CBC\n[$en2h]\n\n";
>>
>>
>> __OUTPUT__
>> OpenSSL AES
>> [e1f461cdc00f4855b9b2c0367cd3a293]
>>
>> AES via CBC
>>
>
[53616c7465645f5f36dd0b8d9b84e278382b8cd329f7020b545c3595c239284d37d4e3dc2d6a2fc97d375675b793b357]
>>
>
> Waylen,
>
> try -literal_key => 1,
>
> that way you prevent CBC from hashing your key. I don't have the info
> at hand, but I remember that for AES
>
> blocklength = 128
> and keysize is much longer than the 16 bytes from MD5 (used by CBC).
>
> Further your key length should be controlled, not simply some string.
> You can control by hashing outside of CBC and inline of your code.

Thank you for replying.

I added -literal_key => 1 and I got the error:

"Cannot use salt-based key generation if literal key is specified"


I went back to perldoc and so added -header => 'none' and now I get:

"You must provide an initialization vector using -iv when
using -header=>'none'"


I'm assuming I am going the right direction in using -header => 'none'
but if so, I'm not sure how to apply -iv so I get the same result I
would from the cipher class directly.

Thanks again.

--
WG



Similar ThreadsPosted
Padding Problem with Blowfish and Crypt::CBC and Java Cipher August 12, 2005, 4:21 pm
Selected cipher type not supported by server May 8, 2008, 6:50 am
killing individual threads January 26, 2006, 12:13 pm
How to get individual fields into variables using DBI? February 20, 2007, 11:25 pm
Accessing individual bits in a number May 19, 2008, 4:07 pm
Replacing every character in a string with individual tags September 10, 2007, 6:05 pm
problem of copying individual worksheets in separate workbook June 26, 2007, 7:26 am
Using Crypt::DSA August 21, 2005, 10:43 pm
de-crypt... crypt December 23, 2005, 1:59 pm
Crypt function September 20, 2005, 6:51 am

Our other projects:

Art Dolls, Fairies and Mermaids - Sunnyfaces.net

Roy's Linux, Programming and Search Engines messages

1-Script XML SitemapXML Sitemap