On 9/7/06, Orlando Andico <[EMAIL PROTECTED]> wrote:
This 3rd-party application does not set the hash and IV ( = initialization
vectors ) directly, instead it uses SecretKeyFactory.generateSecret() to
derive the encryption key from the passphrase.
I don't know exactly how this derivation is done, I'm guessing PKCS#5 v2.0
PBKDF2?
I'm not really familiar with Perl, but on Java, the 3rd party app
probably used PKCS #5 according to this:
http://java.sun.com/j2se/1.5.0/docs/api/javax/crypto/spec/PBEKeySpec.html
Probably used the first constructor. However, since you're using CBC,
the IV is required. If no IV is specified, I believe
javax.crypto.Cipher will throw an exception. Maybe the secret key
generated from was used as the IV (which is a bad idea).
--
Gideon N. Guillen
[EMAIL PROTECTED]
_________________________________________________
Philippine Linux Users' Group (PLUG) Mailing List
[email protected] (#PLUG @ irc.free.net.ph)
Read the Guidelines: http://linux.org.ph/lists
Searchable Archives: http://archives.free.net.ph
