Re: newbie crypto/coding query


Eric Young (eay@cryptsoft.com)
Tue, 19 May 1998 15:57:51 +1000 (EST)


On Tue, 19 May 1998, Nicholas Charles Brawn wrote:
> 1. With a block cipher, when dealing with a binary file (or any file for
> that matter), how do you deal with the remaining block if it's incomplete?

You pad the final block with values that contain the number of final padding
bytes. This means you always add 1 to 8 bytes. The other option is to use
the block cipher in cfb or ofb mode.

> 2. In the docs for ssleay, eric suggests using des_read_pw_string() to
> obtain the plaintext key, then making a 16 byte hash of it using md5, then
> sending it (in my case) to BF_set_key(). How is this better than simply
> sending the plaintext key to BF_set_key()?

Quite a few ciphers can take quite long keys (blowfish, rc2, rc4), while others
are fixed (DES, IDEA).
By always using a function based on a hash (iterated deterministically
enough times to generate enough key material), you can map any size input key
onto any size cipher key. If you use the SSLeay 'EVP' interface to ciphers,
it provides EVP_read_pw_string() to read a key, and
EVP_BytesToKey() to convert to a key, dependent on the cipher to be used.
It actually uses a slight modification of PKCS-5, the specification of which
can be found on www.rsa.com.

One other benefit is that this also will smear the input bits out of the
ascii pattern.
DES, for example, has parity bits in the key. These parity bits are actually
the least significant bit, so "prtvx024" is actually the same key as
"qsuvy135". Using the md5 (or other hash) as a general practice will help you
avoid any particular asymmetric quirks of the particular cipher's 'set_key'
function.

eric
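
The padding rule and the DES parity point from the message above, as an added example that is not part of the original message and is not SSLeay code. The function names are hypothetical, and the padding assumes every added byte holds the pad count (PKCS#5 style) on an 8-byte block.

```c
#include <stddef.h>
#include <string.h>

#define BLOCK 8  /* block size of DES and Blowfish, in bytes */

/* Pad buf (len bytes used, cap bytes available) up to a multiple of BLOCK.
 * Every added byte holds the pad count, so 1 to 8 bytes are always added,
 * even when len is already a multiple of BLOCK.
 * Returns the new length, or 0 if buf has no room for the padding. */
size_t pad8(unsigned char *buf, size_t len, size_t cap)
{
    size_t n = BLOCK - (len % BLOCK);   /* 1..8, never 0 */
    if (cap < len || cap - len < n)
        return 0;
    memset(buf + len, (int)n, n);
    return len + n;
}

/* Strip the padding after decryption. Returns the plaintext length, or
 * (size_t)-1 if the padding is malformed (wrong key or corrupted data). */
size_t unpad8(const unsigned char *buf, size_t len)
{
    size_t n, i;
    if (len == 0 || len % BLOCK != 0)
        return (size_t)-1;
    n = buf[len - 1];                   /* last byte is the pad count */
    if (n < 1 || n > BLOCK)
        return (size_t)-1;
    for (i = 1; i <= n; i++)            /* all pad bytes must agree */
        if (buf[len - i] != n)
            return (size_t)-1;
    return len - n;
}

/* DES ignores the least significant (parity) bit of each key byte, so two
 * 8-byte keys are the same DES key when they match in the upper 7 bits. */
int des_same_key(const unsigned char a[8], const unsigned char b[8])
{
    int i;
    for (i = 0; i < BLOCK; i++)
        if ((a[i] & 0xFE) != (b[i] & 0xFE))
            return 0;
    return 1;
}
```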



The following archive was created by hippie-mail 7.98617-22 on Fri Aug 21 1998 - 17:17:28 ADT