On Wed, Nov 12, 2008 at 10:21:43PM -0800, Michael333 wrote:
> Maybe this is well known:
> There seems to be a big mistake in the implementation of the des-cbc mode in
> openssl.
There is a big mistake in your choice of keys, ...
http://en.wikipedia.org/wiki/Weak_key
It is unwise to jump to the conclusion that there are bugs in extremely
stable, thoroughly tested code (basic symmetric ciphers such as DES,
AES, RC4 in standard modes of operation).
> Read and repeat the following short experiment! Any comments?
This is exactly what one would expect from CBC when the key is an
involution (encrypting twice decrypts) and the plaintext is zero.
> start with a file containing 32 zero-bytes, corresponding to 4
> DES-input-blocks:
> sh-3.00$ xxd 4zeroblocks
> 0000000: 0000 0000 0000 0000 0000 0000 0000 0000 ................
> 0000010: 0000 0000 0000 0000 0000 0000 0000 0000 ................
>
> encrypt it with key=0 and iv=1
> sh-3.00$ openssl des -nosalt -K 0000000000000000 -iv 0000000000000001 -p -in
> 4zeroblocks -out 4zeroblocks.cbc.enc
> key=0000000000000000
> iv =0000000000000001
>
> view the output:
> sh-3.00$ xxd 4zeroblocks.cbc.enc
> 0000000: 166b 40b4 4aba 4bd6 0000 0000 0000 0001 [EMAIL PROTECTED]
> 0000010: 166b 40b4 4aba 4bd6 0000 0000 0000 0001 [EMAIL PROTECTED]
> 0000020: ef09 3ff1 576f 9352 ..?.Wo.R
>
> It makes absolutely no sense to output the iv twice here. This is certainly
> not the des-cbc-encryption of the input. For longer inputfiles, the iv keeps
> repeating like this in the output.
It makes perfect sense, because
C(n) = DES(K, XOR(0, cipherblock(n-1))) = P(n-1)
when the key is one of the weak keys.
--
Viktor.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
