Symmetric encryption question

Printable View

April 11th, 2003, 04:31 PM
roswell1329

Symmetric encryption question

I know when using an asymmetric encryption algorithm like RSA, you need to generate a key pair (public and private) that have a mathematical correlation for message encryption, but when using a symmetric encryption algorithm like Blowfish, can the key be basically any string of printable characters as long as the same key is used for both encryption and decryption?
April 11th, 2003, 04:34 PM
tampabay420

yes, i think it can be any char who's val is <= 255...
or at least with blowfish, thats how it is?
am i understanding your question?
April 11th, 2003, 04:59 PM
roswell1329

I'm just playing around with the Crypt::Blowfish module in Perl, and it's asking for a key. The specs on the algorithm suggest I can use any key between 8bytes and 56bytes. When I use a random string smaller than 8 bytes I get an error saying "input must be 8 bytes long". When I put in a string greater than 8 bytes, I get an "invalid key length" error. Weird...

The pod documentation example that came with the module uses pack to create a binary hex block out of a string of 16 characters...which would be 8 bits in hex, so this is obviously just an example. However, I tried packing a string of 112 random characters into a 56 high nybble hex block, and I get the "input must be 8 bytes long" error again. Any suggestions?
April 11th, 2003, 05:12 PM
tampabay420

hmmm, not right now... but let me check (i love the Crypt lib :))...
not to be nosey, but could you PM your example.pl so i can take a look?
April 11th, 2003, 05:15 PM
roswell1329

The code I'm using is really straight-forward:

#!/usr/bin/perl -w
use strict;
use Crypt::Blowfish;
my $key = pack("H56", "12004001208404a43f00502200b204602600c00001da894922433e46018004602404240109301008140000000142404002010000000000001J");
my $plaintext = "WARNING: THIS MESSAGE IS SUBJECT TO MONITORING BY THE UNITED
STATES DEPARTMENT OF HOMELAND DEFENSE.";
my $cipher = new Crypt::Blowfish $key;
my $ciphertext = $cipher->encrypt($plaintext);
print unpack("H56", $ciphertext),"\n";
my $decrypted = $cipher->decrypt($ciphertext);
print $decrypted, "\n";
April 11th, 2003, 06:19 PM
cyclops07

Hmm... the blowfish key length is variable and can be up to 448 bits.. you can count the aproximate char :)
April 11th, 2003, 08:23 PM
roswell1329

It looks like the algorithm can only encrypt 8byte strings, so I threw together a subroutine to parse through any size string 8bytes at a time. Concatenate them all together and you get a (fairly) safe encrypted string. Thanks everyone. I'll post the code here when I finish polishing it up.
April 14th, 2003, 02:02 PM
roswell1329

Here's the code:

Here's the code I came up with. Please keep in mind that for my purposes, this code is all I require, but this method has some big problems with it (namely the key to encrypt/decrypt hardcoded into the script!). However, it might be good for some folks to play with and modify to create something better. It should also be noted that the string produced by the Blowfish encryption algorithm usually contains non-printable characters, and I couldn't have those in my implementation, so during encryption I'm actually packing the resultant string into a space padded ASCII string, and then unpacking it into a hex string. During decryption, I pack the string back into a binary format. If anyone has any questions about this snippet, please let me know and I'll be happy to answer them:

#!/usr/bin/perl -w
use strict;
use Crypt::Blowfish;
my $i=0;
my $Blowfish_Key = "Qas42a41i1301348f2vvng012m";
my $Blowfish_Cipher = new Crypt::Blowfish $Blowfish_Key;

shift=~/\-e/?encrypt():decrypt();
exit;

sub encrypt
{
my $Username = $ARGV[0];
my $Password = $ARGV[1];
my $Encrypted = "";

for($i=0;$i!=-1;$i+=8)
{
my $linechunk=substr($Password, $i, 8);
$Encrypted.=unpack("H16",$Blowfish_Cipher->encrypt(pack("A8",$linechunk)));
if(length($linechunk)<7){ last; }
}
print $Encrypted,"\n";
}

sub decrypt
{
my $Retrieved = $ARGV[0];
my $Decrypted = "";

for($i=0;$i!=-1;$i+=16)
{
my $linechunk = substr($Retrieved, $i, 16);
if(length($linechunk)<1){ last; }
$Decrypted .= $Blowfish_Cipher->decrypt(pack("H16", $linechunk));
if(length($linechunk)<15){ last; }
}
print $Decrypted,"\n";
}
April 14th, 2003, 02:19 PM
tampabay420

Module Question

Hey, maybe i should start a new thread for this [?] but i was wondering...

just recently, perl has not been able to load some module(s)...
i reinstalled Perl in hopes that it would just clear up on it's own...
anyway- if anyone has seen this problem before...
Perl 5.8.0
Build 805
April 14th, 2003, 02:24 PM
roswell1329

You need to make sure you have the module you're calling in one of your lib directories (C:\Perl\lib, and C:\Perl\site\lib). I don't believe the Blowfish module comes standard with Perl, so you may have to grab it off of CPAN.
April 14th, 2003, 03:33 PM
tampabay420

yes, roswell1329- i'm well aware that i need the module...
I've installed/used this & other modules many times...
this only just started happening? (prolly since the upgrade to 5.8)
thanks anyway :D
April 14th, 2003, 03:41 PM
roswell1329

D'oh! Sorry. Didn't mean to sound condescending. :bigsmile:

That is a strange error if you've loaded the module already. I wonder if the Win32 port of Perl uses the registry to store most of it's environment variables, and if that registry key has become corrupted?