> From: owner-openssl-us...@openssl.org On Behalf Of Eric Nichols (DirWiz)
> Sent: Thursday, 16 September, 2010 17:35

> I am working with a legacy app and need to use OpenSSL to decrypt
> Blowfish-cbc. The library in question
> (http://search.cpan.org/~lds/Crypt-CBC-2.30/CBC.pm) uses a 56
> byte key size

That says it defaults to 56 and you should specify 16 for OpenSSL
compatibility. Presumably your legacy app didn't.

> while OpenSSL defaults to a 16 byte key size.
>
> I think part of my problem is that EVP_BytesToKey only
> returns a 16 byte key.
>
> Is there any way to change the key size to 56 bytes? I've
> included my 16 byte
> code below.
>

It appears you could construct your own EVP_CIPHER object,
but it looks easier to bypass EVP_BytesToKey and just do
the few MD5's directly.

Note that a PB-derived 56-byte key makes no security sense;
the hashing limits the entropy to 16 bytes, or slightly less.
Maybe it was convenient to use the same setting as actual keys,
which could be longer -- though even there, symmetric keys
of 128 random bits won't be the weak link of any crypto
implementation in my lifetime. (And if you have bad random,
using more of it usually won't help.)

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
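
The "do the few MD5's directly" approach from the reply above, as an added example that is not part of the original message or of the OpenSSL or Crypt::CBC code. It assumes the legacy data uses the OpenSSL-style `Salted__` header and the EVP_BytesToKey MD5 chain with an iteration count of 1; the function names, passphrase and sample blob are constructed for illustration.

```python
import hashlib

def md5_bytes_to_key(passphrase: bytes, salt: bytes, key_len: int, iv_len: int = 8):
    """EVP_BytesToKey-style chain with MD5 and count=1:
    D1 = MD5(pass || salt), Di = MD5(D(i-1) || pass || salt).
    The digests are concatenated, then split into key and IV."""
    if len(salt) not in (0, 8):
        raise ValueError("salt must be empty or 8 bytes")
    material, block = b"", b""
    while len(material) < key_len + iv_len:
        block = hashlib.md5(block + passphrase + salt).digest()
        material += block
    return material[:key_len], material[key_len:key_len + iv_len]

def split_salted(blob: bytes):
    """Split the 'Salted__' magic and 8-byte salt from the ciphertext."""
    if len(blob) < 16 or blob[:8] != b"Salted__":
        raise ValueError("no Salted__ header")
    return blob[8:16], blob[16:]

# Constructed sample input: header, salt 00..07, two placeholder cipher blocks.
PASSPHRASE = b"example passphrase"
BLOB = b"Salted__" + bytes(range(8)) + b"\x00" * 16

def demo():
    salt, ciphertext = split_salted(BLOB)
    key56, iv56 = md5_bytes_to_key(PASSPHRASE, salt, 56)  # legacy 56-byte key
    key16, iv16 = md5_bytes_to_key(PASSPHRASE, salt, 16)  # 16-byte key
    return salt, ciphertext, key56, iv56, key16, iv16

if __name__ == "__main__":
    salt, ciphertext, key56, iv56, key16, iv16 = demo()
    print("key56:", key56.hex())
    print("iv56 :", iv56.hex())
    # The 16-byte key is only a prefix of the 56-byte one, and the IV moves,
    # so a 16-byte derivation cannot decrypt data written with keysize 56.
    print("key16 is prefix of key56:", key56.startswith(key16))
    print("iv16 == iv56:", iv16 == iv56)
```

On the OpenSSL side, the 56-byte key is loaded by calling `EVP_CIPHER_CTX_set_key_length(ctx, 56)` on the Blowfish-CBC context before supplying the key and IV.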