> Hi OpenSSL Developers,
>
> (cc Jon Schull)
>
> I'm a relative newbie at encryption, capable of using and wrapping
> crypto software, but with no depth of background in its technicalities.
>
> I got an email yesterday from a user of one of my wrappers, who reported
> a strange quirk in Blowfish (forgive me if the issue has already been
> thrashed on these lists).
>
> Apparently, if data is encrypted with a Blowfish key which consists of
> one or more repetitions of a pattern, then *any* string consisting of
> one or more repetitions of the same pattern can be used as a key that
> will successfully decrypt the data.
Correct.
> To eliminate my wrapper from suspicion, I wrote a test prog which calls
> the OpenSSL libcrypto routines directly (program at end of this
> message).
>
> The following key combinations result in successful decryption:
>
> Encryption Key: fredfred
> Decryption Key: fred
>
> Encryption Key: abcabc
> Decryption Key: abcabcabc
>
> I need to ask:
>
> 1) Is this a known issue? If so, what's the verdict?
Yes, this is by design. Blowfish requires a key of a particular length and
if the key is too short, it enlarges it by repeating it.
> 4) How does this affect the overall security of BF? Is it a matter of
> telling the client to choose decent keys (that aren't repeating
> patterns), or are there deeper issues that would warrant switching to
> another symmetric cipher?
For any cipher, you have to choose decent keys. If someone knows the
encryption key, they can decrypt. If someone knows 'fred', they know
'fredfred' and 'fredfredfred'. If you don't want someone to decrypt your
data, make sure they don't know your key.
> 5) I chose OpenSSL's Blowfish because it's fast, simple, and (through
> CFB mode and stored IV/count) can encrypt/decrypt arbitrary-sized
> blocks, and thus doesn't have that annoying n-byte granularity. Can I
> use OpenSSL's BF with confidence? What constraints should I observe?
Yes.
DS
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
