Mariano Martinez Peck wrote > On Sun, Jul 14, 2013 at 9:46 PM, Paul DeBruicker <
> pdebruic@ > > wrote: > >> >> Hi Mariano, >> >> You shouldn't use it. Its broken. I didn't realize until just now. But >> I >> also haven't been using it. >> >> > ohh what a pity :( > I was planning to use it! > > >> >> To encrypt the db password do >> >> enc:=Blowfish encryptString:'myDbPassword' with: 'mySecretKey' >> >> and to decrypt it later do >> >> Blowfish decryptToString: enc with: 'mySecretKey' >> >> > I tried that. But..in my case, the "enc" I should store it in a file, so I > need the string rather than the bytearray. So I did: > > | enc encryptedString decr decrString | > enc:=Blowfish encryptString:'test' with: 'mySecretKey'. > encryptedString := enc asByteArray asString. > Transcript show: ' encrypted: ', encryptedString; cr. > > and encryptedString is that I would store in the file. > > And then to decrypt: > > decr := Blowfish decryptString: encryptedString with: 'mySecretKey'. > decrString := decr asByteArray asString. > Transcript show: ' decrypted: ', decrString; cr. > > but there are several problems: > > 1) I cannot encrypt passwords smaller than 8 characters neither bigger (as > you noted). Not a big problem. But I may be using this same algorithm for > something else in where I may have smaller paswords (but I am not sure). > 2) I am not sure I am doing fine with the encoding and the strings... > (conversion between bytearray and string) > 3) the decryption doesn't work for me... :( > > If you fix, please let me know!! If I can help/test, also. > > > Thanks, > > > > -- > Mariano > http://marianopeck.wordpress.com Blowfish is a 8 byte block cipher so for shorter strings I'll need to pad the byte array, and for longer strings I'll need to make it use cipher block chaining: (https://en.wikipedia.org/wiki/Block_cipher_modes_of_operation#Cipher-block_chaining_.28CBC.29) If you change #decryptString:with: to: Blowfish class>>decryptString: aString with: aKey |decryptedData | decryptedData := (self new ecbDecrypt: aString asByteArray with: aKey asByteArray ). ^String fromByteArray: decryptedData asByteArray . Then this workspace code should work: | enc encryptedString dkey decrString | key:='mySecretKey'. enc:=Blowfish encryptString:'12345678' with: key. encryptedString := enc asByteArray asString. Transcript show: ' encrypted: ', encryptedString; cr. decrString:=Blowfish decryptString: encryptedString with: key. Transcript show: ' decrypted: ', decrString; cr. But with the password 'test' it will always fail because I'm not yet padding the byte array to a multiple of 8 bytes before encrypting it. Thanks for your patience Paul -- View this message in context: http://forum.world.st/Pharo-dev-Recommendation-for-password-encryption-tp4698499p4698789.html Sent from the Pharo Smalltalk Developers mailing list archive at Nabble.com.
