CGI/Perl Guide | Learning Center | Forums | Advertise | Login Site Search: in Perl Guide PerlGuru Forums Learning Ctr

	MAIN INDEX	SEARCH POSTS	WHO'S ONLINE	LOG IN

Home: Perl Programming Help: Advanced: Crypt::CBC and portability to C programs

914 Deleted Jul 31, 2000, 11:08 AM Post #1 of 4 (2377 views) Crypt::CBC and portability to C programs Can't Post Ahoy there.... i hope someone can help me with this one.. i need to encrypt some cookies, that are to be handed to whatever browser a visitor is using. just a simple string to be encrypted. i decided on Blowfish, as it's a strong algorithm and there are both C and Perl implementations (Crypt::Blowfish and libmcrypt) Now, as we all know, in order to encrypt strings of arbitrary length, one must use CBC or something similar.. so, i use Crypt:CBC, with the blowfish algorithm. cool. the problem seems to be that CBC takes the key value that you give it, and hashes it with MD5 in some nonstandard (?) way, and uses that for the actual key. this is bad, because now i can't use a C program to decrypt that cookie... anyone know of a possible solution? here's the doc on Crypt::CBC http://theoryx5.uwinnipeg.ca/CPAN/data/Crypt-CBC/CBC.html

914 Deleted Jul 31, 2000, 10:26 PM Post #2 of 4 (2377 views) Re: Crypt::CBC and portability to C programs [In reply to] Can't Post Thanks guys.. i'll take a harder look at twofish, i hadn't considered it before because of the somewhat stringent requirements. to wit: 1) available libs for both C and Perl (but libmcrypt has twofish, so this is cool) 2) be relatively efficient. the C versions that have to decrypt the cookies will be executed a million or so times a day. it's a very busy site, and our hardware is far from bleeding edge. 3) be relatively easy to understand. i'm a duffer when it comed to Perl. If it comes right down to it, i'll do just what Kanji suggests and hack my C code to match whatever the Perl is doing, but i'd prefer a 'cleaner' implementation. Embedding Perl into the C prog is not really an option, since the reason C was chosen in the first place had to do with the high number of execution/sec and performance..... thanks again guys...

mckhendry Deleted Aug 1, 2000, 6:54 AM Post #3 of 4 (2377 views) Re: Crypt::CBC and portability to C programs [In reply to] Can't Post you might want to look at Twofish instead. It is the successor to Blowfish, was developed by the same guys, and is currently being considered as one of the five finalist for the Advanced Encryption Standard (AES). It doesn't use MD5, and CBC is optionally to use (or should I say highly recommended). The perl module is called Twofish2.pm. Hope this helps. [This message has been edited by mckhendry (edited 08-01-2000).]

Kanji User / Moderator Aug 1, 2000, 8:21 AM Post #4 of 4 (2377 views) Re: Crypt::CBC and portability to C programs [In reply to] Can't Post You could always paw through the Crypt::CBC source to see what it's doing so you can adjust your C to match and/or embed perl into your C prog/

Announcements     PerlGuru Announcements Perl Programming Help     Frequently Asked Questions     Beginner     Intermediate     Advanced     Regular Expressions     mod_perl     DBI     Win32 Programming Help Fun With Perl     Perl Quizzes - Learn Perl the Fun Way     Perl Golf     Perl Poetry Need a Custom or Prewritten Perl Program?     I need a program that...     I Need a Programmer for Freelance Work     Throw Down The Gauntlet General Discussions     General Questions     Feedback     Tutorial/Article Suggestions for The Learning Cent     Internet Security Other Programming Languages     Javascript     PHP

Search this forum this category all forums for All words Any words Whole Phrase (options)

Powered by Gossamer Forum v.1.2.0

Web Applications & Managed Hosting Powered by Gossamer Threads
Visit our Mailing List Archives