From what I've read I think you are kinda sorta right.
The problem is that when you lookup Blowfish you will find
many "flavors" of it and one is CBC -- And that is just
the beginning ... :(
Also the key "cooking" also throws yet another monkey
wrench into things but then this goes well outside of of
Blowfish norms and this is a very nasty "layer" that you'd
never expect to be there.
Really need a nice clean white paper *AND* test vectors!
With that in hand I'd tend to be willing to argue that the
OpenSRS interface is relatively open archecture. But until
there is such clean and clear docs for that very nasty
layer, then I'll continue to argue OpenSRS API is targeted
for a single platform environment.
The really said part is that *SOMEBODY* at Tucows should
be able to hammer out that doc, and create test vectors.
fairly easily (1 or 2 days at most) and put the issue to
rest.
I finally *COMPLETELY* gave up of the API and just
scripted the RWI. Does what I need and the code runs on
Win98 and any other Windows OS I need to run it on. But
that's really dumb. If someone has my username and
password they can do most common operations from any PC in
the world using industry standard SSL. So what does DES,
Blowfish, and IP locking even buy us? Nothing at all.
I'm not ignoring that DES and Blowfish are the result of
history, I'm just saying clearly doc the damn thing and
provide test vectors since it's very hard to debug
encrypted data as that's the entire point to encrypting
data in the first place.
On Sun, 23 Nov 2003 16:52:13 -0800
"Lynn W. Taylor" <Lynn@BusCom.net> wrote:
>I haven't spent a whole bunch of time on this, but maybe
>this will help....
>
>I don't think the problem is Blowfish, I think it is CBC.
>
>Blowfish is a block cypher, and OpenSRS needs a streaming
>cypher. CBC is a technique to turn block cyphers into
>streaming cyphers.
>
>>From what I've read, there appears to be two flavors of
>>CBC: the "real world standard" one, and the one
>>implemented in the PERL Crypt:CBC library.
>
>There are a couple of other differences, but there are
>third-party documents that cover them. As far as I
>remember, they had to do with how keys were generated for
>the cypher.
>
>-- Lynn
This archive was generated by hypermail 2.1.3 : Tue Oct 19 2004 - 23:37:50 EDT