CGI/Perl Guide | Learning Center | Forums | Advertise | Login
Site Search: in

  Main Index MAIN
INDEX
Search Posts SEARCH
POSTS
Who's Online WHO'S
ONLINE
Log in LOG
IN

Home: Perl Programming Help: Advanced:
Crypt::CBC and portability to C programs

 



914
Deleted

Jul 31, 2000, 11:08 AM

Post #1 of 4 (3039 views)
Crypt::CBC and portability to C programs Can't Post

Ahoy there....

i hope someone can help me with this one..

i need to encrypt some cookies, that are to be handed to whatever browser a visitor is using.

just a simple string to be encrypted.

i decided on Blowfish, as it's a strong algorithm and there are both C and Perl implementations (Crypt::Blowfish and libmcrypt)

Now, as we all know, in order to encrypt strings of arbitrary length, one must use CBC or something similar..

so, i use Crypt:CBC, with the blowfish algorithm. cool.

the problem seems to be that CBC takes the key value that you give it, and hashes it with MD5 in some nonstandard (?) way, and uses that for the actual key.

this is bad, because now i can't use a C program to decrypt that cookie...

anyone know of a possible solution?
here's the doc on Crypt::CBC http://theoryx5.uwinnipeg.ca/CPAN/data/Crypt-CBC/CBC.html


914
Deleted

Jul 31, 2000, 10:26 PM

Post #2 of 4 (3039 views)
Re: Crypt::CBC and portability to C programs [In reply to] Can't Post

Thanks guys..

i'll take a harder look at twofish, i hadn't considered it before because of the somewhat stringent requirements.
to wit:
1) available libs for both C and Perl (but libmcrypt has twofish, so this is cool)

2) be relatively efficient. the C versions that have to decrypt the cookies will be executed a million or so times a day. it's a very busy site, and our hardware is far from bleeding edge.

3) be relatively easy to understand. i'm a duffer when it comed to Perl.

If it comes right down to it, i'll do just what Kanji suggests and hack my C code to match whatever the Perl is doing, but i'd prefer a 'cleaner' implementation. Embedding Perl into the C prog is not really an option, since the reason C was chosen in the first place had to do with the high number of execution/sec and performance.....

thanks again guys...


mckhendry
Deleted

Aug 1, 2000, 6:54 AM

Post #3 of 4 (3039 views)
Re: Crypt::CBC and portability to C programs [In reply to] Can't Post

you might want to look at Twofish instead. It is the successor to Blowfish, was developed by the same guys, and is currently being considered as one of the five finalist for the Advanced Encryption Standard (AES). It doesn't use MD5, and CBC is optionally to use (or should I say highly recommended). The perl module is called Twofish2.pm. Hope this helps.

[This message has been edited by mckhendry (edited 08-01-2000).]


Kanji
User / Moderator

Aug 1, 2000, 8:21 AM

Post #4 of 4 (3039 views)
Re: Crypt::CBC and portability to C programs [In reply to] Can't Post

You could always paw through the Crypt::CBC source to see what it's doing so you can adjust your C to match and/or embed perl into your C prog/

 
 


Search for (options) Powered by Gossamer Forum v.1.2.0

Web Applications & Managed Hosting Powered by Gossamer Threads
Visit our Mailing List Archives