ID: 8839
Updated by: derick
Old-Status: Assigned
Status: Closed
Bug Type: mcrypt related
Assigned To: derick

Fixed in CVS

Previous Comments:

[2001-01-23 12:12:14] [EMAIL PROTECTED]
Just got notice that libmcrypt 2.4.9-beta has been released, and in this version they 
have swapped the meaning of "blowfish" and "blowfish-compat" mode.

So, if you try the test scripts I posted on your own server running 2.4.9-beta, then 
change "blowfish-compat" back to "blowfish".

- Colin


[2001-01-22 10:11:11] [EMAIL PROTECTED]
I'll take care of it as discussed with Colin and Sascha


[2001-01-22 10:08:13] [EMAIL PROTECTED]
The way PHP encrypts using Blowfish doesn't seem to be compatible with the published 
"standard" test cases.

I've mentioned this to the author of libmcrypt, and he fixed part of the problem (see 
the CVS verions of libmcrypt, or whatever comes after 2.4.8).  This adds a 
"blowfish-compat" mode which solves some endianness issues.

However, PHP still isn't compatible with Perl's Crypt::Blowfish, nor (I imagine) with 
any other software that uses Blowfish encryption.  Also, the 2.2.x and 2.4.x functions 
in PHP, when passed the same parameters, don't generate the same encrypted strings.

Here are links to three files: the test vectors from, test scripts using 2.2.x functions and one 
using 2.4.x functions, with and without long key handling.

All scripts generate some different results than the test vectors.  The closest to 
getting them all right, is the 2.4.x script that emulates Perl keys.  However, it 
still gives the "wrong" answer for one test case.

- Colin


ATTENTION! Do NOT reply to this email!
To reply, use the web interface found at

PHP Development Mailing List <>
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Reply via email to