From: SourceForge.net <no...@so...> - 2008-05-20 10:52:05
Bugs item #1967068, was opened at 2008-05-19 06:03
Message generated for change (Comment added) made by nobody
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=120937&aid=1967068&group_id=20937

Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update.

Category: None
Group: None
Status: Open
Resolution: None
Priority: 5
Private: No
Submitted By: Nobody/Anonymous (nobody)
Assigned to: Nobody/Anonymous (nobody)
Summary: Blowfish differs from others

Initial Comment:
Blowfish in pycrypto produces different results than many other implementations, e.g. Java's JCE, Bruce Schneier's reference implementation, crypto etc.

Reproduce by doing the following encryption in different languages:

    binascii.hexlify(Blowfish.new("1234567890123456").encrypt("12345678"))

PyCrypto outputs:
61d2570dc6e09632

Java, Schneier's C implementation, openssl output:
e00723bbb58234aa

In both cases it was the same little-endian machine.

st...@ya...

----------------------------------------------------------------------

Comment By: Nobody/Anonymous (nobody)
Date: 2008-05-20 03:52

Message:
Logged In: NO

I wish PyCrypto could pass Bruce Schneier's Blowfish test suite! Get it from his website: http://www.schneier.com/code/vectors.txt

E.g. the following

    import binascii
    from Crypto.Cipher import Blowfish

    print binascii.hexlify(Blowfish.new(binascii.unhexlify('FFFFFFFFFFFFFFFF'),
        Blowfish.MODE_ECB).encrypt(binascii.unhexlify('FFFFFFFFFFFFFFFF')))

must output 51866FD5B85ECB8A, not 63c6e3f875f553b3 like 2.0.1 does.

That will make the library interoperable with other standard implementations. In its current state (2.0.1) Blowfish is mostly useless: you can't write a Python client for a network server which uses Blowfish for traffic encryption etc.

----------------------------------------------------------------------

Comment By: Nobody/Anonymous (nobody)
Date: 2008-05-20 00:27

Message:
Logged In: NO

Looks like the problem is in the private function PyCrypto uses:

    #define bf_round(l,r,n) \
        l ^= P[n]; \
        r ^= ( (sub(S[0],l>>22 & 0x3fc) + sub(S[1],l>>14 & 0x3fc)) \
               ^ sub(S[2],l>>6 & 0x3fc) ) +S[3][l & 0xff]

Schneier's is different:

    #define S(x,i) (SBoxes[i][x.w.byte##i])
    #define bf_F(x) (((S(x,0) + S(x,1)) ^ S(x,2)) + S(x,3))
    #define ROUND(a,b,n) (a.dword ^= bf_F(b) ^ PArray[n])

Java's is likewise different:

    private int func(int x) {
        return (((S0[(x >>> 24)] + S1[(x >>> 16) & 0xff]) ^ S2[(x >>> 8) & 0xff]) + S3[x & 0xff]);
    }

----------------------------------------------------------------------
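
As an added cross-check that is not part of the thread or of PyCrypto's code, the following independent pure-Python Blowfish derives its initial tables from the hex digits of pi and recomputes the ciphertexts quoted in the comments above. The function names are this example's own, and the expected values in VECTORS are simply those reported in the thread.

```python
import struct

def _arctan_inv(x, one):
    # Fixed-point arctan(1/x) scaled by `one` (alternating Taylor series).
    power = total = one // x
    n, sign = 3, -1
    while power:
        power //= x * x
        total += sign * (power // n)
        n, sign = n + 2, -sign
    return total

def _pi_words(count, guard=64):
    # Blowfish's initial P-array and S-boxes are the fractional hex digits of pi.
    one = 1 << (32 * count + guard)
    pi = 16 * _arctan_inv(5, one) - 4 * _arctan_inv(239, one)  # Machin's formula
    frac = (pi - 3 * one) >> guard
    return list(struct.unpack(">%dI" % count, frac.to_bytes(4 * count, "big")))

_INIT = _pi_words(18 + 4 * 256)  # 18 P words, then four 256-word S-boxes

def _encrypt_words(l, r, P, S):
    for i in range(16):
        l ^= P[i]
        f = ((S[0][l >> 24] + S[1][l >> 16 & 0xFF]) & 0xFFFFFFFF) ^ S[2][l >> 8 & 0xFF]
        r ^= (f + S[3][l & 0xFF]) & 0xFFFFFFFF
        l, r = r, l
    l, r = r, l  # undo the swap of the last round
    return l ^ P[17], r ^ P[16]

def blowfish_encrypt_block(key, block):
    # One 8-byte ECB block; key and block bytes are read as big-endian words.
    P = _INIT[:18]
    S = [_INIT[18 + 256 * i:18 + 256 * (i + 1)] for i in range(4)]
    for i in range(18):  # XOR the key, cycled, into the P-array
        P[i] ^= int.from_bytes(bytes(key[(4 * i + j) % len(key)] for j in range(4)), "big")
    l = r = 0
    for table in [P] + S:  # then re-encrypt a running block to refill P and S
        for i in range(0, len(table), 2):
            l, r = _encrypt_words(l, r, P, S)
            table[i], table[i + 1] = l, r
    return struct.pack(">2I", *_encrypt_words(*struct.unpack(">2I", block), P, S))

# Expected values as reported in the thread: (key, plaintext, ciphertext hex).
VECTORS = [(b"\xff" * 8, b"\xff" * 8, "51866fd5b85ecb8a"),
           (b"1234567890123456", b"12345678", "e00723bbb58234aa")]

def check_vectors():
    return [(blowfish_encrypt_block(k, p).hex(), want) for k, p, want in VECTORS]
```

Calling check_vectors() returns (computed, reported) pairs; a library build under test can be compared against the same inputs to see whether it interoperates.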