Hi !

We are packaging RoundCube for Debian and we have found that des.inc
does not have any license. This makes RoundCube non-free. I have
contacted the author of des.inc (Paul Tero) but I did not get an
answer.

To package it in Debian, we have applied the attached patch that uses
libmcrypt instead of des.inc. des.inc claims to use Triple-DES but it
seems that this is not the case. We don't get the same results with
libmcrypt. I have tried with OpenSSL as well and the result does not
match either (but it matches the result of libmcrypt). This is another
argument to use libmcrypt instead of des.inc.

The incompatibility means that users need to disconnect and reconnect
after upgrade. This is a pretty minor issue. Please, could you apply
this patch on RoundCube as well?

--- roundcube_0.1~beta2.2/program/include/main.inc	2006-12-22 23:26:24.000000000 +0100
+++ roundcube_0.1~beta2.2/program/include/main.inc	2007-03-18 10:24:11.000000000 +0100
@@ -758,7 +758,13 @@
 // encrypt IMAP password using DES encryption
 function encrypt_passwd($pass)
   {
-  $cypher = des(get_des_key(), $pass, 1, 0, NULL);
+  $td = mcrypt_module_open(MCRYPT_TripleDES, "", MCRYPT_MODE_ECB, "");
+  $iv = mcrypt_create_iv(mcrypt_enc_get_iv_size($td), MCRYPT_RAND);
+  mcrypt_generic_init($td, get_des_key(), $iv);
+  $cypher = mcrypt_generic($td, $pass);
+  mcrypt_generic_end($td);
+  mcrypt_module_close($td);
+  
   return base64_encode($cypher);
   }
 
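Review bot: The `$iv` built with `mcrypt_create_iv(..., MCRYPT_RAND)` in `encrypt_passwd()` is random on every call and is never stored with the ciphertext, so the round trip only works because `MCRYPT_MODE_ECB` ignores the IV. Please say so in a comment, or move to a chaining mode such as CBC and keep the IV next to the base64 output so `decrypt_passwd()` can reuse it; with ECB, equal 8-byte plaintext blocks under the same key always produce equal ciphertext blocks. The return value of `mcrypt_module_open()` is also used without a check for failure, and the comment above the function still says "DES encryption" although the cipher is now `MCRYPT_TripleDES`.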
@@ -766,8 +772,14 @@
 // decrypt IMAP password using DES encryption
 function decrypt_passwd($cypher)
   {
-  $pass = des(get_des_key(), base64_decode($cypher), 0, 0, NULL);
-  return preg_replace('/\x00/', '', $pass);
+  $td = mcrypt_module_open(MCRYPT_TripleDES, "", MCRYPT_MODE_ECB, "");
+  $iv = mcrypt_create_iv(mcrypt_enc_get_iv_size($td), MCRYPT_RAND);
+  mcrypt_generic_init($td, get_des_key(), $iv);
+  $pass = mdecrypt_generic($td, base64_decode($cypher));
+  mcrypt_generic_end($td);
+  mcrypt_module_close($td);
+
+  return $pass;
   }
 
 
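Review bot: The new `return $pass;` in `decrypt_passwd()` drops the NUL stripping that the removed `preg_replace('/\x00/', '', $pass)` line performed, yet `mcrypt_generic()` pads its input with zero bytes up to the 8-byte block size. Any password whose length is not a multiple of 8 will come back with trailing `\0` bytes and will no longer match what the user typed. Suggest keeping the strip, for example `return rtrim($pass, "\0");`. As in `encrypt_passwd()`, the freshly generated random `$iv` is harmless only because ECB ignores it, and `mcrypt_module_open()` is not checked for failure.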
-- 
BOFH excuse #234: Someone is broadcasting pigmy packets and the router
doesn't know how to deal with them.
