Crypt::CBC 2.33 -> Crypt::CBC 3.04 incompatibilities

mmlenz has asked for the wisdom of the Perl Monks concerning the following question:

Got a situation where I can't use the same params in 2.33 with 3.04:

    my $cipher = Crypt::CBC->new(
        -key => $pass,
        -cipher => 'Blowfish',
        -header => 'randomiv'
    );
[download]

Simple. Don't use it right? We'll I have data encrypted with this method that I need to decrypt first in order to upgrade it to something more secure and modern. I'd prefer not to have to decrypt, store it in the db, and then come back and re-encrypt using a new method.

    my $ciphertext = $cipher->encrypt_hex($plaintext);
    my $text = $cipher->decrypt_hex($ciphertext);
[download]

$text and $plantext aren't equal on 3.04 but they are on 2.33. I dug through the documentation and changelog but can't spot anything that says this shouldn't work. There are lots of new options in 3.04. I reached out to Lincoln Stein (the author) but I haven't heard back. Any other experts? :) EDIT: It looks like I'm not the only one. https://rt.cpan.org/Public/Bug/Display.html?id=134355 Unfortunately I'm using different calling params and not sure how to adapt to my situation. :(

Comment on Crypt::CBC 2.33 -> Crypt::CBC 3.04 incompatibilities Select or Download Code

Replies are listed 'Best First'.
Re: Crypt::CBC 2.33 -> Crypt::CBC 3.04 incompatibilities by marto (Cardinal) on Sep 13, 2023 at 12:59 UTC
Bug #134355 for Crypt-CBC: Unable to decrypt data encrypted with 2.33 using 3.01 seems to be this issue.	[reply]
Re^2: Crypt::CBC 2.33 -> Crypt::CBC 3.04 incompatibilities by mmlenz (Acolyte) on Sep 13, 2023 at 13:42 UTC
I spotted that right after I posted as well but I'm using different calling params so I'm not exactly sure how to adapt to my situation.	[reply]
Re^3: Crypt::CBC 2.33 -> Crypt::CBC 3.04 incompatibilities by parv (Parson) on Sep 13, 2023 at 18:46 UTC
Note the last response in the bug report (even if all other parameters are different) that mentions the use of hashed key in v2.33 but literal key string in v3.03 & recovering the hashed key from v2.33 (to use as "plaintext" key in later version).	[reply]
Re^4: Crypt::CBC 2.33 -> Crypt::CBC 3.04 incompatibilities by mmlenz (Acolyte) on Sep 15, 2023 at 13:04 UTC
Re: Crypt::CBC 2.33 -> Crypt::CBC 3.04 incompatibilities by tobyink (Canon) on Sep 13, 2023 at 14:04 UTC
Honestly, I'd probably force a downgrade to an older version of the module, decrypt what you need into plain text, then re-encrypt it using either the newer version of the module or using a different encryption module. (I highly recommend CryptX!) Hire me at Toby Ink Ltd or Join my OnlyFans	[reply]