Crypt::CBC vs individual cipher module differs?

W

Waylen Gumbal

I noticed that if I use a "CBC compatible" crypt module directly, I get
a normal expected result. But if I use CBC with the same cipher type on
the same key and plaintext I get a completely different result.

I've been up and down the perldoc for Crypt::CBC and just can't figure
out why the results differ so much. Because they differ so much you
can't use one method to decrypt the other.

For example:

use Crypt::CBC;
use Crypt::OpenSSL::AES;

$key = 'secretpassphrase';
$text = 'Crypt Test #0001';

my $en1 = new Crypt::OpenSSL::AES($key)->encrypt($text);

my $en2 = new Crypt::CBC(
-key => $key, -cipher => 'Crypt::OpenSSL::AES'
)->encrypt($text);

my $en1h = unpack('H*', $en1);
my $en2h = unpack('H*', $en2);

print "OpenSSL AES\n[$en1h]\n\n";
print "AES via CBC\n[$en2h]\n\n";


__OUTPUT__
OpenSSL AES
[e1f461cdc00f4855b9b2c0367cd3a293]

AES via CBC
[53616c7465645f5f36dd0b8d9b84e278382b8cd329f7020b545c3595c239284d37d4e3dc2d6a2fc97d375675b793b357]


Thanks.
 
K

keith

I noticed that if I use a "CBC compatible" crypt module directly, I get
a normal expected result. But if I use CBC with the same cipher type on
the same key and plaintext I get a completely different result.
Click to expand...
__OUTPUT__
OpenSSL AES
[e1f461cdc00f4855b9b2c0367cd3a293]

AES via CBC
[53616c7465645f5f36dd0b8d9b84e278382b8cd329f7020b545c3595c239284d37d4e3dc2d6a2fc97d375675b793b357]
Click to expand...

Without knowing exactly how those particular modules do what they do,
the first thing that occurs to me is that nowhere are you providing an
initialisation vector, so presumably the modules are generating a
random IV. That will give you totally different ciphertext. The
lengths _may_ be different because the latter attempt is prepending
the ciphertext with the IV, which is required for decryption.

Just my 2 pennyworth...
 
W

Waylen Gumbal

I noticed that if I use a "CBC compatible" crypt module directly, I
get a normal expected result. But if I use CBC with the same cipher
type on the same key and plaintext I get a completely different
result.
Click to expand...
__OUTPUT__
OpenSSL AES
[e1f461cdc00f4855b9b2c0367cd3a293]

AES via CBC
[53616c7465645f5f36dd0b8d9b84e278382b8cd329f7020b545c3595c239284d37d4e3dc2d6a2fc97d375675b793b357]
Click to expand...

Without knowing exactly how those particular modules do what they do,
the first thing that occurs to me is that nowhere are you providing an
initialisation vector, so presumably the modules are generating a
random IV. That will give you totally different ciphertext. The
lengths _may_ be different because the latter attempt is prepending
the ciphertext with the IV, which is required for decryption.

Just my 2 pennyworth...
Click to expand...

I tried using different values for the -iv parameter for CBC but I can't
seem to find a way to get the same value using the cipher module
straight does. I want them to be compatible for each other and frankly
the fact that they give completely different results seems to defy the
point of using CBC, doesn't it?
 
W

Waylen Gumbal

Mark said:
I noticed that if I use a "CBC compatible" crypt module directly, I
get a normal expected result. But if I use CBC with the same cipher
type on the same key and plaintext I get a completely different
result.

I've been up and down the perldoc for Crypt::CBC and just can't
figure out why the results differ so much. Because they differ so
much you can't use one method to decrypt the other.

For example:

use Crypt::CBC;
use Crypt::OpenSSL::AES;

$key = 'secretpassphrase';
$text = 'Crypt Test #0001';

my $en1 = new Crypt::OpenSSL::AES($key)->encrypt($text);

my $en2 = new Crypt::CBC(
-key => $key, -cipher => 'Crypt::OpenSSL::AES'
)->encrypt($text);

my $en1h = unpack('H*', $en1);
my $en2h = unpack('H*', $en2);

print "OpenSSL AES\n[$en1h]\n\n";
print "AES via CBC\n[$en2h]\n\n";


__OUTPUT__
OpenSSL AES
[e1f461cdc00f4855b9b2c0367cd3a293]

AES via CBC
[53616c7465645f5f36dd0b8d9b84e278382b8cd329f7020b545c3595c239284d37d4e3dc2d6a2fc97d375675b793b357]
Click to expand...

Waylen,

try -literal_key => 1,

that way you prevent CBC from hashing your key. I don't have the info
at hand, but I remember that for AES

blocklength = 128
and keysize is much longer than the 16 bytes from MD5 (used by CBC).

Further your key length should be controlled, not simply some string.
You can control by hashing outside of CBC and inline of your code.
Click to expand...

Thank you for replying.

I added -literal_key => 1 and I got the error:

"Cannot use salt-based key generation if literal key is specified"


I went back to perldoc and so added -header => 'none' and now I get:

"You must provide an initialization vector using -iv when
using -header=>'none'"


I'm assuming I am going the right direction in using -header => 'none'
but if so, I'm not sure how to apply -iv so I get the same result I
would from the cipher class directly.

Thanks again.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Decrypting in Javascript 8
Decrypting using Javascript 0
encrypt with perl, decrypt with ruby, 3 days and counting... 2
Making Perl Crypt::CBC work with PHP mcrypt_cbc() 1
Output confusion 2
Padding Problem with Blowfish and Crypt::CBC and Java Cipher 6
En/Decrypt Mismatch: Command-Line Tool vs. Crypt::OpenSSL::RSA 1
encryption 2

Members online

No members online now.
Total: 52 (members: 1, guests: 51)
Robots: 453

Forum statistics

Threads
473,994
Messages
2,570,223
Members
46,813
Latest member
lawrwtwinkle111

Latest Threads

Top