in reply to Crypt::CBC, Blowfish and Salt problem

From the Crypt::CBC Changes file (emphasis added):

2.17    Mon Jan  9 18:22:51 EST 2006
        -IMPORTANT NOTE: Versions of this module prior to 2.17 were incorrectly
        using 8 byte IVs when generating the old-style RandomIV style header
        (as opposed to the new-style random salt header). This affects data
        encrypted using the Rijndael algorithm, which has a 16 byte blocksize,
        and is a significant security issue.

        The bug has been corrected in versions 2.17 and higher by making it
        impossible to use 16-byte block ciphers with RandomIV headers. You may
        still read legacy encrypted data by explicitly passing the 
        -insecure_legacy_decrypt option to Crypt::CBC->new().

Re^2: Crypt::CBC, Blowfish and Salt problem
by samtregar (Abbot) on Feb 18, 2008 at 22:51 UTC
    I think that's just for Rijndael. He's using Blowfish, so he shouldn't need that.

    -sam

Re^2: Crypt::CBC, Blowfish and Salt problem
by Anonymous Monk on Feb 18, 2008 at 23:03 UTC
    Thanks... I tried that, here is my new code at the end of the subroutine:
    my $cipher = Crypt::CBC->new( -key => $key, -cipher => 'Blowfish', -salt => 1, -insecure_legacy_decrypt => 1 );
    Now I get the following message, even if I take out the -salt=>1:
    Ciphertext does not begin with a valid header for 'salt' header mode

    Any other ideas?

    Thank you,
    Richard

      What Sam wrote above sounds like a good hypothesis... Have you tried that?

      If all else fails, you might also consider downgrading to pre-2.17 (temporarily, to get operational again) and then work out a way to migrate your old encrypted data to the new style usage/encoding.  For that, it's probably a good idea to install the old version into some private location, and then put use lib "/path/to/old/module"; at the top of the script.

        Yeah, I thought of that, but I don't see where to get 2.16 at... any ideas?

        Thanks,
        Richard
        If you take out the -salt => 1 and add -header => 'randomiv', it works.
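
The header mismatch discussed in this thread, as an added example (not code from any poster here or from the Crypt::CBC distribution): it reads the 8-byte magic at the start of a ciphertext to tell an old-style RandomIV header from a new-style salt header, then re-encrypts legacy Blowfish data with a salt header. The helper names, passphrase and plaintext are constructed for illustration; it assumes Crypt::CBC 2.17 or later and Crypt::Blowfish are installed, and it does not need -insecure_legacy_decrypt because Blowfish has an 8-byte block.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Crypt::CBC;    # assumes 2.17 or later, with Crypt::Blowfish installed

# Report which Crypt::CBC header a ciphertext carries, based on its
# first 8 bytes: 'Salted__' (salt header) or 'RandomIV' (old-style header).
sub header_mode {
    my ($ciphertext) = @_;
    return 'none' if length($ciphertext) < 16;    # 8-byte magic + 8-byte salt/IV
    my $magic = substr($ciphertext, 0, 8);
    return 'salt'     if $magic eq 'Salted__';
    return 'randomiv' if $magic eq 'RandomIV';
    return 'none';
}

# Hypothetical helper: a Blowfish CBC object for the given header mode.
sub cipher_for {
    my ($key, $mode) = @_;
    return Crypt::CBC->new(-key => $key, -cipher => 'Blowfish', -header => $mode);
}

# Decrypt with the header mode the data actually uses, then re-encrypt
# with the salt header so later reads work with the default settings.
sub migrate {
    my ($key, $ciphertext) = @_;
    my $mode = header_mode($ciphertext);
    die "no recognised Crypt::CBC header; refusing to guess\n" if $mode eq 'none';
    return $ciphertext if $mode eq 'salt';        # already new-style
    my $plain = cipher_for($key, 'randomiv')->decrypt($ciphertext);
    return cipher_for($key, 'salt')->encrypt($plain);
}

# Constructed sample: produce a legacy-style record, then migrate it.
my $key = 'constructed example passphrase';
my $old = cipher_for($key, 'randomiv')->encrypt('constructed legacy record');
my $new = migrate($key, $old);

printf "header before: %s, after: %s\n", header_mode($old), header_mode($new);
print  "round trip:    ", cipher_for($key, 'salt')->decrypt($new), "\n";
```

Checking the magic first avoids the "does not begin with a valid header" failure quoted above, because the decrypting object is always built with the header mode the data was written in.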