Re: Differences on output between OpenSSL and CryptoTool

Tue, 29 Oct 2013 09:31:47 -0700 

Thanks guys! really learning cool stuff.... I will take it from here and
appreciate your time.

btw a interesting phenomenon where encrypting with the same key reveals the
plaintext.


echo -n 'deadbeef' > topsecret.txt
xxd topsecret.txt
6465 6164 6265 6566

openssl enc -des-cbc -nosalt -nopad -K 0101010101010101 -iv
0000000000000000 -in topsecret.txt -out topsecret.bin

xxd topsecret.bin
76bc d756 4077 8e6a

openssl enc -des-cbc -nosalt -nopad -K 0101010101010101 -iv
0000000000000000 -in topsecret.bin -out topsecret.bin2

xxd topsecret.bin2
6465 6164 6265 6566




On Tue, Oct 29, 2013 at 4:27 PM, Viktor Dukhovni <openssl-us...@dukhovni.org
> wrote:

> On Tue, Oct 29, 2013 at 03:54:50PM +0100, Luis Rocha wrote:
>
> > The X.923 padding attaches to a complete message block another block of
> > zeros: A = 00 00 00 00 00 00 00 00
>
> I would expect the last padding byte to be 08, not 00, since 8 padding
> bytes were added.  PKCS#7 padding for the same complete block would be:
>
>      08 08 08 08 08 08 08 08
>
> > $echo -n 'aaaaaaaa' > topsecret.txt
> > $xxd topsecret.txt
> > 6161 6161 6161 6161
> >
> > Then encrypted it with a weak key and iv = 0.
> > openssl enc -des-cbc -K 0101010101010101 -iv 0000000000000000 -nosalt -in
> > topsecret.txt | xxd
> > f90a ba97 690c af10 ea3b c77a e91d efe2
>
> Which decrypts to:
>
>     $ perl -e '
>         $x="f90aba97690caf10ea3bc77ae91defe2";
>         $x =~ s/(..)/chr(hex($1))/eg; print $x;' |
>         openssl enc -d -nopad -des-ecb -K 0101010101010101 |
>         od -tx1
>     0000000    61  61  61  61  61  61  61  61  f1  02 b2  9f  61  04  a7
>  18
>     0000020
>
> which is what we expect, since XOR of 08 into each byte of the last block
> yields the first block of ciphertext.
>
> > Made the same exercise in the tool:
> > In the tool (GUI) using DES CBC mode with the same key '0101010101010101'
> > the output is:
> > F90A BA97 690C AF10 6161 6161 6161 6161
>
> Well it is certainly rather unexpected, to say the least, for the
> ciphertext of a full block to contain the plaintext as its second
> block.  OpenSSL is working correctly.  Your CrypTool is not.  Help
> with using CrypTool is likely a topic for another list.
>
> --
>         Viktor.
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    openssl-users@openssl.org
> Automated List Manager                           majord...@openssl.org
>

Reply via email to