On Sun, Jul 14, 2013 at 9:46 PM, Paul DeBruicker <[email protected]> wrote:
> Hi Mariano,
>
> You shouldn't use it. It's broken. I didn't realize until just now. But I
> also haven't been using it.

ohh what a pity :( I was planning to use it!

> To encrypt the db password do
>
> enc:=Blowfish encryptString:'myDbPassword' with: 'mySecretKey'
>
> and to decrypt it later do
>
> Blowfish decryptToString: enc with: 'mySecretKey'

I tried that. But.. in my case, the "enc" I should store it in a file, so I need the string rather than the bytearray. So I did:

| enc encryptedString decr decrString |
enc:=Blowfish encryptString:'test' with: 'mySecretKey'.
encryptedString := enc asByteArray asString.
Transcript show: ' encrypted: ', encryptedString; cr.

and encryptedString is what I would store in the file. And then to decrypt:

decr := Blowfish decryptString: encryptedString with: 'mySecretKey'.
decrString := decr asByteArray asString.
Transcript show: ' decrypted: ', decrString; cr.

but there are several problems:

1) I cannot encrypt passwords smaller than 8 characters nor bigger (as you noted). Not a big problem. But I may be using this same algorithm for something else where I may have smaller passwords (but I am not sure).
2) I am not sure I am doing fine with the encoding and the strings... (conversion between bytearray and string)
3) the decryption doesn't work for me... :(

If you fix it, please let me know!! If I can help/test, also.

Thanks,

> But if you decrypt it with the key '1234' you get
>
> 'ë "~ýãîfword'
>
> which shows it's only encrypting the first 8 bytes. And if your db password
> is 30 chars long like this one:
>
> '123456789012345678901234567890' then the leaked info is the last 22
> numbers.
>
> The tests aren't covering this error yet. I'll mess with it sometime soon
> and get it sorted but for now it's broken and shouldn't be used. Unless
> your DB password is 8 bytes or less.
>
> --
> View this message in context:
> http://forum.world.st/Pharo-dev-Recommendation-for-password-encryption-tp4698499p4698682.html
> Sent from the Pharo Smalltalk Developers mailing list archive at
> Nabble.com.

--
Mariano
http://marianopeck.wordpress.com
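
An added example, not code from this thread or from the Blowfish package under discussion: a Python regression check for the failure reported above (only the first 8-byte block is encrypted and the rest stays readable), next to a wrapper that pads to the block size, chains every block and base64-encodes the result so it can be stored in a text file. `toy_block` is a stand-in 8-byte permutation, not Blowfish and not secure, and every function name here is hypothetical.

```python
import base64
import hashlib
import os

BLOCK = 8  # Blowfish block size in bytes

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def toy_block(block: bytes, key: bytes, decrypt: bool = False) -> bytes:
    """Stand-in 8-byte Feistel permutation. NOT Blowfish and NOT secure."""
    left, right = block[:4], block[4:]
    for rnd in (range(3, -1, -1) if decrypt else range(4)):
        f = hashlib.sha256(key + bytes([rnd]) + right).digest()[:4]
        left, right = right, _xor(left, f)
    return right + left

def first_block_only(plaintext: bytes, key: bytes) -> bytes:
    """Models the reported bug: bytes 0..7 encrypted, the rest copied through."""
    return toy_block(plaintext[:BLOCK].ljust(BLOCK, b"\0"), key) + plaintext[BLOCK:]

def leaks_tail(plaintext: bytes, ciphertext: bytes) -> bool:
    """Regression check: is the plaintext after the first block still readable?"""
    tail = plaintext[BLOCK:]
    return len(tail) >= 4 and tail in ciphertext  # 4+ bytes avoids chance matches

def encrypt_to_text(plaintext: bytes, key: bytes) -> str:
    """PKCS#7 pad, CBC-chain every block, return base64. No MAC: tampering goes undetected."""
    n = BLOCK - len(plaintext) % BLOCK
    data = plaintext + bytes([n]) * n
    out = [os.urandom(BLOCK)]  # random IV, stored as the first block
    for i in range(0, len(data), BLOCK):
        out.append(toy_block(_xor(data[i:i + BLOCK], out[-1]), key))
    return base64.b64encode(b"".join(out)).decode("ascii")

def decrypt_from_text(text: str, key: bytes) -> bytes:
    raw = base64.b64decode(text)
    blocks = [raw[i:i + BLOCK] for i in range(0, len(raw), BLOCK)]
    plain = b"".join(_xor(toy_block(c, key, decrypt=True), prev)
                     for prev, c in zip(blocks, blocks[1:]))
    return plain[:-plain[-1]]  # strip PKCS#7 padding
```

Running `leaks_tail` over inputs shorter than, equal to and longer than 8 bytes is the kind of test that would have caught the bug described in the thread.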
