[PYTHON-CRYPTO] amkCrypto: Cipher decrypt(string) output

Andrew Archibald aarchiba at YAHOO.COM
Wed Mar 28 07:14:19 CEST 2001


On Tue, Mar 27, 2001 at 09:31:37PM -0000, Jason R. Mastaler wrote:
> I'm experimenting with amkCrypto, and I'm confused about the output
> I'm getting back from a decrypted string.
>
>         #!/usr/bin/env python
>         import time
>         from Crypto.Cipher import Blowfish
>         key = '146bfea4ab7274e6f0ccff25351c2f39'
>         cipherobj=Blowfish.new(key, Blowfish.CBC)
>         input =  '%16d' % (time.time() +1)
>         dated_cookie = cipherobj.encrypt(input)
>         plaintext = cipherobj.decrypt(dated_cookie)
>
>         print input
>         print plaintext
>
> This code produces the following output where `*' is really a binary
> character:
>
>        985728133
> ********85728133
>
> Why aren't input and plaintext identical?  The strings end the same,
> but plaintext has some binary characters at its beginning.

You're using CBC mode, which has state (You should be supplying an IV when
you create the Blowfish object, BTW), and you're re-using a Blowfish
object.  That is, when you create a CBC-mode encryptor object, you supply
an initialization vector.  Every time you encrypt a block, the IV is XORed
into the plaintext, the result is encrypted, and the output replaces the
IV.  So if you encrypt the same string more than once with the same object,
you get different data.  This is a feature.

You probably want to be creating a new Blowfish object every time.
However, there is an undocumented feature of amkCrypto which allows you
to reset the IV (by assigning to cipherobj.IV) if creating new Blowfish
objects is too expensive.  If it's not, you should be using triple DES,
which will be faster and more secure (if perhaps not as sexy[1]) than
constantly re-keying Blowfish.

Andrew

[1]http://www.blowfish.com/
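
Added example (not part of the original message, and not amkCrypto's code): a small model of the stateful CBC object described in the reply, showing why decrypting with the same object garbles only the first block, and that a fresh object or a reset IV recovers the text. The toy Feistel cipher standing in for Blowfish, the key, the all-zero IV and the `CBC` and `demo` names are assumptions made for the illustration.

```python
import hashlib
BLOCK = 8  # Blowfish's block size in bytes

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _f(key, rnd, half):
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:4]

def toy_encrypt_block(key, block):
    # 4-round Feistel network: a stand-in for Blowfish, not a real cipher.
    l, r = block[:4], block[4:]
    for rnd in range(4):
        l, r = r, _xor(l, _f(key, rnd, r))
    return l + r

def toy_decrypt_block(key, block):
    l, r = block[:4], block[4:]
    for rnd in reversed(range(4)):
        l, r = _xor(r, _f(key, rnd, l)), l
    return l + r

class CBC:
    """CBC object with one IV attribute updated by encrypt() and decrypt()."""
    def __init__(self, key, iv):
        self.key, self.IV = key, iv
    def encrypt(self, data):
        out = b""
        for i in range(0, len(data), BLOCK):
            # XOR the IV into the plaintext, encrypt, output replaces the IV.
            self.IV = toy_encrypt_block(self.key, _xor(data[i:i + BLOCK], self.IV))
            out += self.IV
        return out
    def decrypt(self, data):
        out = b""
        for i in range(0, len(data), BLOCK):
            block = data[i:i + BLOCK]
            out += _xor(toy_decrypt_block(self.key, block), self.IV)
            self.IV = block
        return out

def demo(key=b"constructed demo key", iv=bytes(BLOCK)):
    msg = b"%16d" % 985728133              # the 16-byte cookie from the question
    obj = CBC(key, iv)
    ct = obj.encrypt(msg)
    reused = obj.decrypt(ct)               # IV is now the last ciphertext block
    fresh = CBC(key, iv).decrypt(ct)       # new object, original IV
    obj.IV = iv                            # or reset the IV on the old object
    return msg, reused, fresh, obj.decrypt(ct)
```

Only the first block depends on the IV during decryption; every later block is XORed with the preceding ciphertext block, which is why the tail of the cookie survived in the question's output.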




