perlgoon has asked for the wisdom of the Perl Monks concerning the following question:

I'll probably get murdered for asking this but I'm not sure where else to look. I'm using Crypt::CBC in conjunction with Crypt::OpenSSL::AES on a 64-bit CentOS box... I'm trying to determine if in fact the resulting encoding is 256-bit as opposed to 128-bit.

    my $cipher = Crypt::CBC->new(
        -key    => '1234567890123456',
        -cipher => 'Crypt::OpenSSL::AES',
        -header => 'none',
        -iv     => '6543210987654321'
    );

I realize that by passing a 'key' rather than a 'literal_key', CBC will take that and compute an MD5 hash for the literal key used with AES ... I'm just not positive what bit length that is. Basically I need to prove one way or another that I'm using AES128 or AES256... and I'm at a loss where to confirm that.

Re: Determine Encryption Strength - Crypt::CBC & OpenSSL::AES
by roboticus (Chancellor) on Aug 30, 2013 at 00:44 UTC

    perlgoon:

    Crypt::Cipher::AES docs show a keysize method, so perhaps you could encrypt your data with it and compare it to the value you get with Crypt::CBC. Then when you find a configuration that matches, you can check the keysize. (Note: I don't use encryption modules, so I don't know if this may be helpful or not.)

    ...roboticus

    When your only tool is a hammer, all problems look like your thumb.

Re: Determine Encryption Strength - Crypt::CBC & OpenSSL::AES
by flexvault (Monsignor) on Aug 30, 2013 at 13:46 UTC

    perlgoon,

    I've only used 'Crypt::OpenSSL::AES' and you create a cipher by passing an exact 32-byte string, which is 256 bits of data. After that, de/encrypt is by passing the cipher and an exact 16-byte string, or 128 bits of data.

    Also I use 'pack/unpack' to add the length of the actual string to the beginning of the encrypted data. This way you don't care if the data is a multiple of 16 bytes or not.

    Note: As a side note, a few years ago several math-minded scientists discovered that the original AES128 was more secure than AES256. You may want to google this to verify that this is still true.

    Good Luck...Ed

    "Well done is better than well said." - Benjamin Franklin

      Thanks! Yeah I use Crypt::CBC in conjunction just so you don't have to worry about padding to get the proper blocksize. From what I can tell from the documentation, while Crypt::OpenSSL::AES will support keysizes of 16, 24, or 32 bytes... if you use it with Crypt::CBC it will always be 32 bytes. As suggested I verified this with the keysize routine:

      use Crypt::CBC;
      use Crypt::OpenSSL::AES;

      my $cipher = Crypt::CBC->new(
          -key    => '1234567890123456',
          -cipher => 'Crypt::OpenSSL::AES',
          -header => 'none',
          -iv     => '6543210987654321'
      );

      # Key size in bytes that Crypt::CBC will use for the underlying cipher
      print $cipher->keysize();

      Again this will ALWAYS return 32, or 256 bits.
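
An added example, not code from the thread or from Crypt::CBC itself: it shows how a single 16-byte MD5 digest of a passphrase can be stretched to a 32-byte key, which is why an MD5-based derivation does not imply AES-128. The functions derive_key and aes_variant are hypothetical names, and the iterated-MD5 expansion is an assumption about the unsalted -key path with -header => 'none'; confirm it against the source of the Crypt::CBC version you have installed.

```perl
use strict;
use warnings;
use Digest::MD5 qw(md5);

# Model of an unsalted passphrase-to-key expansion (assumption, see lead-in):
# start with md5(passphrase), then keep appending md5(material so far)
# until there are enough bytes for the cipher's key size.
sub derive_key {
    my ($passphrase, $keysize) = @_;
    my $material = md5($passphrase);    # one MD5 digest is 16 bytes
    $material .= md5($material) while length($material) < $keysize;
    return substr($material, 0, $keysize);
}

# The AES variant is determined only by the length of the key given to AES.
sub aes_variant {
    my ($key) = @_;
    my %by_len = (16 => 'AES-128', 24 => 'AES-192', 32 => 'AES-256');
    my $name = $by_len{ length $key };
    die "invalid AES key length: " . length($key) . " bytes\n"
        unless defined $name;
    return $name;
}

my $passphrase = '1234567890123456';    # the -key value from the question

# The 16-character passphrase is never used as the AES key directly;
# what matters is how many derived bytes the cipher asks for.
for my $keysize (16, 24, 32) {
    my $key = derive_key($passphrase, $keysize);
    printf "keysize %2d -> %s, key = %s\n",
        $keysize, aes_variant($key), unpack('H*', $key);
}

# With a 32-byte keysize, the first half of the key is md5(passphrase)
# and the second half is md5 of that first half.
my $key256 = derive_key($passphrase, 32);
my $first  = substr($key256, 0, 16);
my $second = substr($key256, 16, 16);
print "first half is md5(passphrase): ",
    ($first eq md5($passphrase) ? "yes" : "no"), "\n";
print "second half is md5(first half): ",
    ($second eq md5($first) ? "yes" : "no"), "\n";
```

To check a real deployment, compare the byte count printed by `$cipher->keysize()` in the post above with the lengths in this output.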