Ben, have you looked at the output of "the ciphernames"? There are quite a few 'des' variants, are you sure you're using the right one?

Also, I'd stick with the "with password" format, unless you know how the other side is padding (if they are).

Best,

Mark

On 20 Jul 2009, at 20:00, Ben Rubinstein wrote:

I'm trying to implement a protocol which uses DES encryption to send a password across the network. And I know nothing about encryption.

In the protocol I'm working with, the approach is that one side sends a random 16-byte "challenge"; the other end encrypts this data "with DES using the password as key", and sends the 16 byte encrypted result back to the server.

I captured this exchange between two existing apps that implement the protocol, i.e. I got the 16 byte challenge, and the 16 byte response (and of course I already know the password). So now I'm attempting to implement code in Rev that will generate the same 16 byte response, given that 16 byte challenge and the password.

My first attempt:

  encrypt tChallenge using "des" with password tPassword

This returned 16 bytes, but they were the wrong ones.

I went back to the documentation and saw that it said "using the password as key"; my second attempt therefore:

  encrypt tChallenge using "des" with key tPassword

This time I get an error "invalid keystring for specified keysize".


I saw that "the ciphernames" tells me the default key length for DES is 64 bits. My password is four characters. I changed my code to pad the password to eight bytes, using numtochar(0). Now I didn't get an error, but I get the wrong byte sequence back. Just for fun, I tried spaces instead of zero bytes for the padding; different data, still wrong.

So then I decided that while I'd like to understand this, it was an unnecessary distraction; and changed the password to be exactly eight characters, and captured a new challenge and response. Feeding this to the script, the first byte of the Rev-calculated response (possibly the first 12 bits depending on endian issues) matches the correct response, but perhaps that's just coincidence.

Can someone kindly point me in the right direction? Have I just misunderstood something simple?

TIA,

Ben





_______________________________________________
use-revolution mailing list
[email protected]
Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
http://lists.runrev.com/mailman/listinfo/use-revolution
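
The exchange described in the quoted message, read as single DES in ECB mode with the raw password padded to an 8-byte key, as an added Go example that is not part of the original thread and not Rev code. The mode, the pad bytes tried, the function names and the sample challenge are assumptions; the thread does not confirm how the existing apps build the key.

```go
package main

import (
	"bytes"
	"crypto/des"
	"fmt"
)

// keyFromPassword pads or truncates the password to DES's 8-byte key size.
// The pad byte is an assumption; the post tried both 0x00 and space.
func keyFromPassword(password string, pad byte) []byte {
	key := bytes.Repeat([]byte{pad}, des.BlockSize)
	copy(key, password)
	return key
}

// respond encrypts each 8-byte block of the challenge independently (ECB,
// no IV, no padding), so a 16-byte challenge yields a 16-byte response.
func respond(challenge, key []byte) ([]byte, error) {
	if len(challenge)%des.BlockSize != 0 {
		return nil, fmt.Errorf("challenge length %d is not a multiple of 8", len(challenge))
	}
	block, err := des.NewCipher(key) // rejects keys that are not 8 bytes
	if err != nil {
		return nil, err
	}
	out := make([]byte, len(challenge))
	for i := 0; i < len(challenge); i += des.BlockSize {
		block.Encrypt(out[i:i+des.BlockSize], challenge[i:i+des.BlockSize])
	}
	return out, nil
}

// matchPad reports which pad byte, if any, reproduces a captured response.
func matchPad(challenge, captured []byte, password string, pads []byte) (byte, bool) {
	for _, p := range pads {
		if r, err := respond(challenge, keyFromPassword(password, p)); err == nil && bytes.Equal(r, captured) {
			return p, true
		}
	}
	return 0, false
}

func main() {
	challenge := []byte("0123456789abcdef") // constructed sample, not a real capture
	captured, _ := respond(challenge, keyFromPassword("test", 0x00))
	pad, ok := matchPad(challenge, captured, "test", []byte{' ', 0x00})
	fmt.Printf("response=%x pad=0x%02x matched=%v\n", captured, pad, ok)
}
```

If none of the pad candidates reproduces a real capture, the key bytes or the cipher mode differ from these assumptions, which is the padding question raised in the reply.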
