Anonymous Monk has asked for the wisdom of the Perl Monks concerning the following question:

I changed servers, and copied all files over. There was no operating system change, and I made sure all the modules were installed on the new server.

Now on the new server, some clients, when they log in, get this message: "Argument to -salt must be exactly 8 bytes long"

The strange thing is that not all of them have that problem.

I am using Crypt::CBC, here is my subroutine:
    use Crypt::CBC;

    # Decrypt a hex-encoded ciphertext with the application's fixed key.
    sub decrypt {
        my $ciphertext = shift;
        my $key = "somekeyhere";
        my $cipher = Crypt::CBC->new(
            -key    => $key,
            -cipher => 'Blowfish',
            -salt   => 1,    # 1 = let Crypt::CBC generate a random salt
        );
        return ($cipher->decrypt_hex($ciphertext));
    }

I would appreciate any help. I have read and re-read the docs, I have changed the -salt value from 1 to leaving it blank, but I'm dumbfounded about this. I cannot duplicate it because it does not happen every time, which is soooo strange.

Thank you in advance,
Rick

Replies are listed 'Best First'.
Re: decryption problem
by moritz (Cardinal) on Aug 30, 2007 at 06:42 UTC
    You could try to use pack to create an eight byte long binary string containing a 1 as least significant bit.

    That should work like this: pack "N N", 0, 1 but I must admit I haven't tested it.

Re: decryption problem
by andyford (Curate) on Aug 30, 2007 at 18:12 UTC
    Assuming (naively, perhaps!) that the error actually is reporting the problem accurately, and just from general principles, you wouldn't think that a client could modify your hard-coded salt value.

    Did you check for some other instance of salt where it's a variable supplied by the client?

    I noticed in the module docs that the salt option has something to do with OpenSSL. Could your OpenSSL version have changed in the server switch?

    Can you work up a complete broken example?

    non-Perl: Andy Ford

      Yes, the OpenSSL version may have changed.

      Should I require everyone to change their password, so that it will update the 'salt'? I don't know how it stores the salt, maybe as part of the encrypted string, but I don't know enough about it.

      I will see if I can find out the version differences.

      Now what about data I cannot access at all, because of the salt problem? Is it just lost without hope?

      Thanks again!
      Rick
        What about installing the old server's version of OpenSSL? Sorry I'm not much help, I've never used encryption directly like this, I'm just helping you guess.

        non-Perl: Andy Ford

Re: decryption problem
by ikegami (Patriarch) on Aug 31, 2007 at 15:38 UTC

    The code generating the error in question is

    croak "Argument to -salt must be exactly 8 bytes long" if defined $salt && length $salt != 8 && $salt ne '1';

    The condition for the error message hasn't changed since the error message was introduced in 2.17.

    You shouldn't get the error when using -salt => 1. Presumably, the error is elsewhere.
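
On the question raised in the thread of where the salt is stored: this added example (not code from any poster or from Crypt::CBC itself) classifies stored hex ciphertexts by their leading header. It assumes the formats described in the Crypt::CBC documentation, "Salted__" plus an 8-byte salt for the OpenSSL-compatible mode and "RandomIV" plus an 8-byte IV for the legacy mode; the function name and the sample records are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Classify a hex-encoded Crypt::CBC ciphertext by its leading 16 bytes.
# inspect_ciphertext_hex is a hypothetical helper, not part of Crypt::CBC.
sub inspect_ciphertext_hex {
    my ($hex) = @_;
    return +{ header => 'invalid', reason => 'not an even-length hex string' }
        unless defined $hex && $hex =~ /\A(?:[0-9a-fA-F]{2})+\z/;

    my $raw = pack 'H*', $hex;
    if (length($raw) >= 16) {
        my ($magic, $value) = unpack 'a8 a8', $raw;
        # OpenSSL-compatible format: the salt travels with the ciphertext
        return +{ header => 'salt', salt_hex => unpack('H*', $value) }
            if $magic eq 'Salted__';
        # Legacy Crypt::CBC format: an 8-byte IV follows the magic string
        return +{ header => 'randomiv', iv_hex => unpack('H*', $value) }
            if $magic eq 'RandomIV';
    }
    # No recognised header: salt or IV must have been supplied out of band
    return +{ header => 'none' };
}

# Constructed sample records standing in for stored values (not real data)
my %records = (
    alice => unpack('H*', 'Salted__' . "\x01\x02\x03\x04\x05\x06\x07\x08" . 'x' x 16),
    bob   => unpack('H*', 'RandomIV' . "\xaa\xbb\xcc\xdd\xee\xff\x00\x11" . 'y' x 16),
    carol => unpack('H*', 'z' x 24),   # headerless ciphertext
    dave  => '53616c7465645f5',        # truncated in storage: odd-length hex
);

for my $user (sort keys %records) {
    my $info = inspect_ciphertext_hex($records{$user});
    my $detail = $info->{salt_hex} ? "salt=$info->{salt_hex}"
               : $info->{iv_hex}   ? "iv=$info->{iv_hex}"
               : $info->{reason}   ? $info->{reason}
               :                     '';
    printf "%-6s header=%-8s %s\n", $user, $info->{header}, $detail;
}
```

Running this over the stored values for the accounts that fail and the ones that work shows whether the two groups differ in header format or were damaged during the copy.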