bNathan has asked for the wisdom of the Perl Monks concerning the following question:

My server updated Perl to v5.8.8 and CBC Crypt modules and now my scripts get this

Ciphertext does not begin with a valid header for 'salt' header mode

Here is my code

my $key = 'mysecretkey16384';

my $cipher = new Crypt::CBC($key,'Rijndael_PP');

my $plaintext = $cipher->decrypt_hex($code);

my ($uid,$pwd, $expire, $sessionExpire, $item) = split( /\|/, $plaintext);

Re: Ciphertext does not begin with a valid header for 'salt' header mode at...
by Athanasius (Archbishop) on Feb 08, 2017 at 06:19 UTC

    Hello bNathan, and welcome to the Monastery!

    The change log for Crypt::CBC contains this entry for version 2.17:

    2.17 Mon Jan 9 18:22:51 EST 2006
      - IMPORTANT NOTE: Versions of this module prior to 2.17 were incorrectly using 8 byte IVs when generating the old-style RandomIV style header (as opposed to the new-style random salt header). This affects data encrypted using the Rijndael algorithm, which has a 16 byte blocksize, and is a significant security issue.

      The bug has been corrected in versions 2.17 and higher by making it impossible to use 16-byte block ciphers with RandomIV headers. You may still read legacy encrypted data by explicitly passing the -insecure_legacy_decrypt option to Crypt::CBC->new().

    See also the PerlMonks thread Salt issue from 2013.

    Hope that helps,

    Athanasius <°(((><contra mundum Iustus alius egestas vitae, eros Piratica,
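
Added example, not code from the thread or from the Crypt::CBC distribution: one way to tell old RandomIV-header tokens from salt-header ones by their first 8 bytes, read the old ones with the option named in the change log, and re-issue them under the salt header. It assumes Crypt::CBC 2.17 or later and Crypt::Rijndael_PP are installed; the sub names, the key and the sample values are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Crypt::CBC;

# Classify a hex-encoded Crypt::CBC message by its 8-byte header magic.
sub header_mode {
    my ($hex) = @_;
    my $magic = substr(pack('H*', $hex), 0, 8);
    return 'salt'     if $magic eq 'Salted__';   # followed by an 8-byte salt
    return 'randomiv' if $magic eq 'RandomIV';   # old style, followed by an 8-byte IV
    return 'unknown';
}

# Decrypt either format. The legacy path is enabled only for messages
# that actually carry the RandomIV header, never by default.
sub decrypt_token {
    my ($key, $hex) = @_;
    my $mode = header_mode($hex);
    die "no recognisable Crypt::CBC header\n" if $mode eq 'unknown';
    my %opt = (-key => $key, -cipher => 'Rijndael_PP', -header => $mode);
    $opt{'-insecure_legacy_decrypt'} = 1 if $mode eq 'randomiv';
    return (Crypt::CBC->new(%opt)->decrypt_hex($hex), $mode);
}

# Return a salt-header token: unchanged if already in that format,
# otherwise decrypted once via the legacy path and re-encrypted.
sub upgrade_token {
    my ($key, $hex) = @_;
    my ($plain, $mode) = decrypt_token($key, $hex);
    return $hex if $mode eq 'salt';
    my $new = Crypt::CBC->new(-key => $key, -cipher => 'Rijndael_PP',
                              -header => 'salt');
    return $new->encrypt_hex($plain);
}

# Constructed header-only samples (magic plus 8 filler bytes), not real ciphertext.
printf "%s -> %s\n", $_, header_mode($_)
    for '52616e646f6d4956' . '00' x 8, '53616c7465645f5f' . '00' x 8;

# Round trip with a constructed key and a constructed session string.
my $key   = 'example-passphrase';
my $token = Crypt::CBC->new(-key => $key, -cipher => 'Rijndael_PP',
                            -header => 'salt')->encrypt_hex('uid|pwd|0|0|item');
my ($plain, $mode) = decrypt_token($key, $token);
print "$mode: $plain\n";
print "upgrade leaves salt tokens unchanged\n" if upgrade_token($key, $token) eq $token;
```

Once every stored token has passed through `upgrade_token`, the legacy branch in `decrypt_token` can be removed so the insecure option is no longer reachable.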