Peter Wilkes wrote:

> so we ran this with a 64 bit int and noticed that 128 bits comes out.
> can we safely ignore the other 64 bits? why are we getting 128 bits out?
>
> we are using the TripleDES cipher.

It's not clear if you mean 128 bits comes out of the encryption process or
128 bits comes out when you decrypt it. (128 bits of ciphertext? Or 128 bits
of recovered plaintext?)

If the former, that's normal. It's pretty easy to prove that any encryption
scheme that guarantees the output is the same size as the input will have
various pretty serious limitations, so it's not unusual for encryption to
expand data. (For a silly example, consider a single bit that encodes
whether or not to do something. Someone need only observe one communication
and see whether or not you do that something to be able to 'break' the
cipher. One that expands the single bit to, say, 128 bits
non-deterministically would not have that problem.)

If the latter, that indicates a poor choice of padding or cipher mode. If
you know the original plaintext is always, say, 64 bits, you should be able
to ignore all the rest. But it's probably a better idea to choose a padding
scheme that protects the length.

DS


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
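
An added example, not part of the original thread: one common way both 128-bit results arise with Triple DES is block padding, reproduced here with the `openssl enc` command. It assumes 3DES in CBC mode with OpenSSL's default padding; the key, IV and 8-byte plaintext are constructed test values, and the helper function names are hypothetical.

```shell
#!/bin/sh
# Constructed test values (not real secrets): 24-byte 3DES key, 8-byte IV.
KEY=0123456789abcdef23456789abcdef01456789abcdef0123
IV=0001020304050607

# A 64-bit plaintext: exactly one 3DES block (8 bytes).
plain64() { printf 'ABCDEFGH'; }

# 3DES-CBC with an explicit key and IV; extra flags are passed through.
enc() { openssl enc -des-ede3-cbc -K "$KEY" -iv "$IV" "$@"; }

# Render stdin as a continuous hex string.
hex() { od -An -v -tx1 | tr -d ' \n'; }

# Default padding: an input that already fills a block still gets a
# whole extra block of padding, so 64 bits in gives 128 bits out.
ct_bits_padded() { echo $(( $(plain64 | enc | wc -c) * 8 )); }

# -nopad: no expansion, but the input must be a multiple of 8 bytes.
ct_bits_nopad() { echo $(( $(plain64 | enc -nopad | wc -c) * 8 )); }

# Decrypting the padded ciphertext without stripping the padding returns
# two blocks: the data followed by eight 0x08 padding bytes.
raw_decrypt_hex() { plain64 | enc | enc -d -nopad | hex; }

# Decrypting with padding enabled on both sides returns only the data.
clean_decrypt_hex() { plain64 | enc | enc -d | hex; }

echo "ciphertext bits, default padding: $(ct_bits_padded)"
echo "ciphertext bits, -nopad:          $(ct_bits_nopad)"
echo "decrypt, padding left in place:   $(raw_decrypt_hex)"
echo "decrypt, padding stripped:        $(clean_decrypt_hex)"
```

If the encrypting side pads and the decrypting side does not strip the padding, the second recovered block is padding rather than data; matching the padding setting on both sides removes it.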
