I'm trying to fix a bug in my application which encrypts using the
following -- only the $key and 'iv' have been changed:

    use Crypt::CBC ();

    # 8-byte key packed from 16 hex digits
    my $key = pack('H16', "0123456789ABCDEF");

    # legacy hashref-style options
    my $cipher = Crypt::CBC->new(
        {
            'key'            => $key,
            'cipher'         => 'Blowfish',
            'iv'             => 'Gopher!!',
            'regenerate_key' => 0,
            'padding'        => 'space',
            'prepend_iv'     => 0
        }
    );

This seems to work properly, with an exception just noted in the field and
confirmed by me. Namely, when a certain word, let's say it's 'Neil', gets
entered via the app, the data gets mangled. I don't know if the problem is
on the encrypt, decrypt or both. I do know that if I enter 100 form field
values (it's a web app) and 10 of them are Neil, those fields go into the DB
with the same encrypted values, and then decrypt to the same new values.
But the decrypted version still looks encrypted if that makes sense, so
somewhere it went wrong. The other 90 'non-Neil' values all encrypt and
decrypt fine.
The problem only seems to crop up when the value Neil is used afaik. Is my
initialization hosed, so that this kind of thing is likely to happen? I
notice from the CPAN writeup
http://search.cpan.org/dist/Crypt-CBC/CBC.pm
that I'm using ancient features and perhaps wrongly at that. Seems like I
ought to decrypt the DB, and then re-encrypt with a new cipher instantiated
something like this:

    # dash-prefixed options are passed as a flat list, not a hashref
    my $cipher = Crypt::CBC->new(
        -key    => 'my secret key',
        -cipher => 'Blowfish',
        -salt   => 1
    );

Yuck, what a mess. This site's in production and my client's just thrilled
to death by all this. Fortunately this was discovered before things got
into full swing; unfortunately it was discovered by the client, not me. :(
Marty
Marty Landman, Face 2 Interface Inc. 845-679-9387
Webmaster's Bulletin Board: http://bbs.face2interface.com/
Web Installed Formmail: http://face2interface.com/formINSTal