Re: Crypt Blowfish


Welcome to the Monastery
	PerlMonks

Re: Crypt Blowfish

by hawtin (Prior)

on Jul 15, 2008 at 22:43 UTC ( [id://697817]=note: print w/replies, xml )

Need Help??

in reply to Crypt Blowfish

If you use Blowfish directly you must also remember to supply data in the 8 byte chunks it wants. Here is another example of a working implementation:

# First encode $f2 into $f1 Encode data
my $cipher =  new Crypt::Blowfish $model_passphrase;

# Pad $f1 to the next 8 byte boundary
if((length($f2) % 8) != 0)
  {
    $f2 .= "\x00" x (8 - (length($f2) % 8));
  }

for(my $i=0;8*$i<length($f2);$i++)
  {
    $f1 .= $cipher->encrypt(substr($f2,8*$i,8));
  }

# Since we have to work on Windows don't forget
# the binmode() on the file handle

# Now to decode $f1 into $f2
if((length($f1) % 8) != 0)
  {
    $f1 .= "\x00" x (8 - (length($f1) % 8));
  }

my $cipher =  new Crypt::Blowfish $model_passphrase;
for(my $i=0;(8*$i)<length($f1);$i++)
  {
    $f2 .= $cipher->decrypt(substr($f1,8*$i,8));
  }
$f2 =~ s/\x00+$//s;
[download]

Comment on Re: Crypt Blowfish Download Code

Replies are listed 'Best First'.

Re^2: Crypt Blowfish
by ikegami (Patriarch) on Jul 16, 2008 at 05:48 UTC

Very bad recommendation. You added padding, but you're neither salting nor chaining. You are seriously undermining the encryption by using it directly instead of using Crypt::CBC.

By avoiding Crypt::CBC, you're actually making the code longer and much more complex, risking the addition of errors and making it harder to maintain.

It's not just speculative either. You added a bug. Any input matching /\x00\n?\z/ cannot be encoded.

Blowfish is a secure algorithm, but like all algorithms, they're only secure when used properly.

[reply]

In Section Seekers of Perl Wisdom