On 9/7/06, Orlando Andico <[EMAIL PROTECTED]> wrote:
[snipped]
As you can see, the IV or salt isn't specified anywhere. I don't want to go
digging around (and decompiling) the javax.crypto.* libraries!
Well, from what I see in the code, 'Cipher.getInstance("DES")' implies
that it's actually using DES in ECB, not CBC, and with PKCS #5
padding. ('Cipher.getInstance("DES")' implies
'Cipher.getInstance("DES/ECB/PKCS5Padding")')
And as for they key, the reason why there's no salt is that it's
actually using the raw string's first 8 bytes as the encryption key.
So if the password is "foobar12" that's the actual encryption key. Or
if the password is "foobar54321" the encryption key is "foobar54".
--
Gideon N. Guillen
[EMAIL PROTECTED]
_________________________________________________
Philippine Linux Users' Group (PLUG) Mailing List
[email protected] (#PLUG @ irc.free.net.ph)
Read the Guidelines: http://linux.org.ph/lists
Searchable Archives: http://archives.free.net.ph
