Crypt::CBC vs individual cipher module differs?

Discussion in 'Perl Misc' started by Waylen Gumbal, Mar 3, 2008.

  1. I noticed that if I use a "CBC compatible" crypt module directly, I get
    a normal expected result. But if I use CBC with the same cipher type on
    the same key and plaintext I get a completely different result.

    I've been up and down the perldoc for Crypt::CBC and just can't figure
    out why the results differ so much. Because they differ so much you
    can't use one method to decrypt the other.

    For example:

    use Crypt::CBC;
    use Crypt::OpenSSL::AES;

    $key = 'secretpassphrase';
    $text = 'Crypt Test #0001';

    my $en1 = new Crypt::OpenSSL::AES($key)->encrypt($text);

    my $en2 = new Crypt::CBC(
    -key => $key, -cipher => 'Crypt::OpenSSL::AES'
    )->encrypt($text);

    my $en1h = unpack('H*', $en1);
    my $en2h = unpack('H*', $en2);

    print "OpenSSL AES\n[$en1h]\n\n";
    print "AES via CBC\n[$en2h]\n\n";


    __OUTPUT__
    OpenSSL AES
    [e1f461cdc00f4855b9b2c0367cd3a293]

    AES via CBC
    [53616c7465645f5f36dd0b8d9b84e278382b8cd329f7020b545c3595c239284d37d4e3dc2d6a2fc97d375675b793b357]


    Thanks.

    --
    WG
    Waylen Gumbal, Mar 3, 2008
    #1
    1. Advertising

  2. Waylen Gumbal

    Guest

    On 3 Mar, 00:01, "Waylen Gumbal" <> wrote:
    > I noticed that if I use a "CBC compatible" crypt module directly, I get
    > a normal expected result. But if I use CBC with the same cipher type on
    > the same key and plaintext I get a completely different result.
    >

    <snip>
    > __OUTPUT__
    > OpenSSL AES
    > [e1f461cdc00f4855b9b2c0367cd3a293]
    >
    > AES via CBC
    > [53616c7465645f5f36dd0b8d9b84e278382b8cd329f7020b545c3595c239284d37d4e3dc2d6a2fc97d375675b793b357]


    Without knowing exactly how those particular modules do what they do,
    the first thing that occurs to me is that nowhere are you providing an
    initialisation vector, so presumably the modules are generating a
    random IV. That will give you totally different ciphertext. The
    lengths _may_ be different because the latter attempt is prepending
    the ciphertext with the IV, which is required for decryption.

    Just my 2 pennyworth...
    , Mar 3, 2008
    #2
    1. Advertising

  3. wrote:
    > On 3 Mar, 00:01, "Waylen Gumbal" <> wrote:
    >> I noticed that if I use a "CBC compatible" crypt module directly, I
    >> get a normal expected result. But if I use CBC with the same cipher
    >> type on the same key and plaintext I get a completely different
    >> result.
    >>

    > <snip>
    >> __OUTPUT__
    >> OpenSSL AES
    >> [e1f461cdc00f4855b9b2c0367cd3a293]
    >>
    >> AES via CBC
    >> [53616c7465645f5f36dd0b8d9b84e278382b8cd329f7020b545c3595c239284d37d4e3dc2d6a2fc97d375675b793b357]

    >
    > Without knowing exactly how those particular modules do what they do,
    > the first thing that occurs to me is that nowhere are you providing an
    > initialisation vector, so presumably the modules are generating a
    > random IV. That will give you totally different ciphertext. The
    > lengths _may_ be different because the latter attempt is prepending
    > the ciphertext with the IV, which is required for decryption.
    >
    > Just my 2 pennyworth...


    I tried using different values for the -iv parameter for CBC but I can't
    seem to find a way to get the same value using the cipher module
    straight does. I want them to be compatible for each other and frankly
    the fact that they give completely different results seems to defy the
    point of using CBC, doesn't it?

    --
    WG
    Waylen Gumbal, Mar 3, 2008
    #3
  4. Mark Pryor wrote:
    > On Sun, 02 Mar 2008 16:01:42 -0800, Waylen Gumbal wrote:
    >
    >> I noticed that if I use a "CBC compatible" crypt module directly, I
    >> get a normal expected result. But if I use CBC with the same cipher
    >> type on the same key and plaintext I get a completely different
    >> result.
    >>
    >> I've been up and down the perldoc for Crypt::CBC and just can't
    >> figure out why the results differ so much. Because they differ so
    >> much you can't use one method to decrypt the other.
    >>
    >> For example:
    >>
    >> use Crypt::CBC;
    >> use Crypt::OpenSSL::AES;
    >>
    >> $key = 'secretpassphrase';
    >> $text = 'Crypt Test #0001';
    >>
    >> my $en1 = new Crypt::OpenSSL::AES($key)->encrypt($text);
    >>
    >> my $en2 = new Crypt::CBC(
    >> -key => $key, -cipher => 'Crypt::OpenSSL::AES'
    >> )->encrypt($text);
    >>
    >> my $en1h = unpack('H*', $en1);
    >> my $en2h = unpack('H*', $en2);
    >>
    >> print "OpenSSL AES\n[$en1h]\n\n";
    >> print "AES via CBC\n[$en2h]\n\n";
    >>
    >>
    >> __OUTPUT__
    >> OpenSSL AES
    >> [e1f461cdc00f4855b9b2c0367cd3a293]
    >>
    >> AES via CBC
    >>

    > [53616c7465645f5f36dd0b8d9b84e278382b8cd329f7020b545c3595c239284d37d4e3dc2d6a2fc97d375675b793b357]
    >>

    >
    > Waylen,
    >
    > try -literal_key => 1,
    >
    > that way you prevent CBC from hashing your key. I don't have the info
    > at hand, but I remember that for AES
    >
    > blocklength = 128
    > and keysize is much longer than the 16 bytes from MD5 (used by CBC).
    >
    > Further your key length should be controlled, not simply some string.
    > You can control by hashing outside of CBC and inline of your code.


    Thank you for replying.

    I added -literal_key => 1 and I got the error:

    "Cannot use salt-based key generation if literal key is specified"


    I went back to perldoc and so added -header => 'none' and now I get:

    "You must provide an initialization vector using -iv when
    using -header=>'none'"


    I'm assuming I am going the right direction in using -header => 'none'
    but if so, I'm not sure how to apply -iv so I get the same result I
    would from the cipher class directly.

    Thanks again.

    --
    WG
    Waylen Gumbal, Mar 8, 2008
    #4
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. AdrianK
    Replies:
    0
    Views:
    1,526
    AdrianK
    Jul 9, 2003
  2. Cosmia Luna
    Replies:
    4
    Views:
    318
    Cosmia Luna
    Mar 11, 2012
  3. Hal Vaughan
    Replies:
    6
    Views:
    1,046
    Hal Vaughan
    Sep 5, 2005
  4. Replies:
    1
    Views:
    173
  5. Hal Vaughan

    Problem With Crypt::CBC

    Hal Vaughan, Aug 20, 2008, in forum: Perl Misc
    Replies:
    3
    Views:
    185
    Eric Pozharski
    Aug 20, 2008
Loading...

Share This Page