Beefy Boxes and Bandwidth Generously Provided by pair Networks
Welcome to the Monastery

Re: Crypt Blowfish

by hawtin (Prior)
on Jul 15, 2008 at 22:43 UTC ( #697817=note: print w/replies, xml ) Need Help??

in reply to Crypt Blowfish

If you use Blowfish directly you must also remember to supply data in the 8 byte chunks it wants. Here is another example of a working implementation:

# First encode $f2 into $f1 Encode data my $cipher = new Crypt::Blowfish $model_passphrase; # Pad $f1 to the next 8 byte boundary if((length($f2) % 8) != 0) { $f2 .= "\x00" x (8 - (length($f2) % 8)); } for(my $i=0;8*$i<length($f2);$i++) { $f1 .= $cipher->encrypt(substr($f2,8*$i,8)); } # Since we have to work on Windows don't forget # the binmode() on the file handle # Now to decode $f1 into $f2 if((length($f1) % 8) != 0) { $f1 .= "\x00" x (8 - (length($f1) % 8)); } my $cipher = new Crypt::Blowfish $model_passphrase; for(my $i=0;(8*$i)<length($f1);$i++) { $f2 .= $cipher->decrypt(substr($f1,8*$i,8)); } $f2 =~ s/\x00+$//s;

Replies are listed 'Best First'.
Re^2: Crypt Blowfish
by ikegami (Patriarch) on Jul 16, 2008 at 05:48 UTC

    Very bad recommendation. You added padding, but you're neither salting nor chaining. You are seriously undermining the encryption by using it directly instead of using Crypt::CBC.

    By avoiding Crypt::CBC, you're actually making the code longer and much more complex, risking the addition of errors and making it harder to maintain.

    It's not just speculative either. You added a bug. Any input matching /\x00\n?\z/ cannot be encoded.

    Blowfish is a secure algorithm, but like all algorithms, they're only secure when used properly.

Log In?

What's my password?
Create A New User
Domain Nodelet?
Node Status?
node history
Node Type: note [id://697817]
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others making s'mores by the fire in the courtyard of the Monastery: (3)
As of 2022-08-09 02:32 GMT
Find Nodes?
    Voting Booth?

    No recent polls found