Look in CBC.pm. That's the way Crypt::CBC module generates the IV value.
Cheers
Paul
Cheers
Paul
On Tue, 18 Jul 2000, Steven Fletcher wrote:
> Hiya;
>
> My query (and, I suspect, trouble) really comes from the "RandomIV" strings
> that seem to be attached to the outgoing ciphertext. I hacked Client.pm's
> send_data bits to have:
>
> open(LOG, ">>/tmp/srslog-out.txt");
> print LOG "$message\n";
> close(LOG);
>
> So each outgoing string is seperated by a 0x0A. The client.txt says (to my
> understanding) that:
>
> 1) Random data in
> 2) Random data decrypted
> 3) MD5 checksum of data
> 4) Encrypted checksum out
>
> So, with the outgoing strings seperated at 01x02, 02x0b and 05x04, where is
> this 'RandomIV' text coming from, because the output from mcrypt_cbc() from
> PHP certainly dosen't include any of this guff - it's all
> random/gobbldeygook data, and that's where I think the problem is occouring.
> Comparing the output of Crypt::CBC and mcrypt_cbc() from Perl and PHP
> respectivley (for a given set of data/keys), they match. The CBC.pm included
> from within the OpenSRS implementation seems to do things differently,
> though.
>
> Any ideas?
>
> Steven Fletcher
> stevenf@shellnet.co.uk
>
> --
>
> www3# bpatch -d /tmp/srslog-out.txt
> File /tmp/srslog-out.txt opened successfully
>
>
> FILE: /tmp/srslog-out.txt (246) - ASCII
> PAGE: 0 (0)
> x0 x1 x2 x3 x4 x5 x6 x7 x8 x9 xa xb xc xd xe xf 0123456789abcdef
>
> 00: 4f 70 65 6e 53 52 53 20 43 4c 49 45 4e 54 20 33 OpenSRS CLIENT 3
> 01: 2e 33 0a 6c 6f 67 69 6e 20 2d 62 6c 6f 77 66 69 .3.login -blowfi
> 02: 73 68 20 53 68 65 6c 6c 6e 65 74 0a 52 61 6e 64 sh Shellnet.Rand
> 03: 6f 6d 49 56 ed 10 8e 06 fd 53 a6 80 77 70 13 8f omIV.....S..wp..
> 04: 02 ca 09 08 b9 20 69 9d cd 0f 32 47 66 c4 33 05 ..... i...2Gf.3.
> 05: cb da 1f aa 0a 52 61 6e 64 6f 6d 49 56 bc f0 41 .....RandomIV..A
> 06: e2 6e a3 2c ec e1 e6 54 93 17 69 cb af b1 ef ea .n.,...T..i.....
> 07: 6c 4e 4c 5f 77 74 17 ba ea 90 ce a1 61 52 94 4c lNL_wt......aR.L
> 08: e1 21 e4 54 33 03 e9 49 b5 81 b9 dd 8f 4a 9e 6f .!.T3..I.....J.o
> 09: da 38 e8 27 49 eb e0 5d 81 17 dd 4a db 66 08 f9 .8.'I..]...J.f..
> 0a: 56 e8 fe 32 2a b3 fc d0 90 b2 7b fa e6 83 c4 96 V..2*.....{.....
> 0b: 8f fe 3b 02 5f 61 cb 12 35 5e fc 1a 3c a3 6a 43 ..;._a..5^..<.jC
> 0c: 5e 0d 30 f8 c7 c9 6a 76 dc 5c b2 b6 18 f4 33 27 ^.0...jv.\....3'
> 0d: e3 17 70 b9 a9 3f ce ca 31 2d 38 66 54 d6 6a e9 ..p..?..1-8fT.j.
> 0e: 44 8a ec fc 2b 5a 94 c6 01 01 66 10 0b 73 c0 73 D...+Z....f..s.s
> 0f: 59 49 b2 5c 4a 0a YI.\J.
>
>
> > -----Original Message-----
> > From: Brad Murray [mailto:brad@graphtech.net]
> > Sent: 18 July 2000 15:05
> > To: Steven Fletcher
> > Subject: Re: PHP interface/client
> >
> >
> > Steven,
> >
> > I tried this quite a while ago with no success. Make sure
> > you're not using
> > DES, as the perl des library is odd. Try building it using
> > either Blowfish
> > or Blofish_PP (don't remember if mcrypt supports the second one)...
> >
> > Brad
> >
> > > Hi all;
> > >
> > > Does anyone have any information/pointers to using the
> > mcrypt library with
> > > PHP in order to get a PHP interface working? I have had a *lot* of
> > > difficulty with the encryption phase, which I suspected is
> > down to the IV
> > > parts of the exchanged keys. I've hit a brick wall and
> > after much hair
> > loss
> > > am appealing here! :-)
> > >
> > > Thanks for any info anyone can provide;
> > >
> > > Steven Fletcher
> > > stevenf@shellnet.co.uk
> > >
> >
>
This archive was generated by hypermail 2.1.3 : Tue Oct 19 2004 - 23:35:41 EDT