Home page logo

nmap-dev logo Nmap Development mailing list archives

Ref:Re: Ref:Using NSE OpenSSL for Blowfish?
From: "Omar Herrera " <oherrera () prodigy net mx>
Date: Sat, 27 Dec 2008 22:29:10 -0600

Hi Ron,The IV is different than the key; it is simply a value used to randomize the encryption of the first block in 
order to avoid some attacks.But looking at your answer it makes more sense. It seems the C blowfish implementations 
that you have only supports ECB mode (Electronic codebook mode). That means that it is only able to encrypt each 64 bit 
block independently. This mode is fast but not very secure, since you can still see patterns repeating in the 
ciphertext (e.g. two indentical cleartext blocks of 64 bits will produce exactly the same ciphertext blocks).This is 
probably the reason why you don't see the IV parameter required in these C functions, and this might be also the reason 
why NSE's openssl module (which seems to use CBC mode and thus require the IV parameter) is incompatible with the C 
implementation that you are using.To implement CBC in your C program you would need to do a bitwise XOR of the 
plaintext block with the resulting cihpertext of the previous block, before applying the Blowfish encryption function. 
In the case of the first block you do the XOR with the IV as no previous block exists. Take a look at the diagrams in 
wikipedia's explanation of encryption modes (http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation). It makes it 
easier to see the difference between encryption modes (particularly ECB and CBC).Cheers,Omar&nbsp;&nbsp;

      De :
      &nbsp;nmap-dev-bounces () insecure org
      Para :
      &nbsp;"Omar Herrera" oherrera () prodigy net mx
      Copia :
      &nbsp;"nmap-dev" nmap-dev () insecure org
      Fecha :
      &nbsp;Sat, 27 Dec 2008 21:48:23 -0600
      Asunto :
      &nbsp;Re: Ref:Using NSE OpenSSL for Blowfish?

&gt; Omar Herrera wrote:&gt; &gt; Hi Ron,&gt; &gt; &gt; &gt; I'm not familiar with NSE's OpenSSL module, but i think I 
know what&gt; &gt; might be causing the problem: the Initialization Vector.&gt; &gt; &gt; &gt; I couldn't find in the 
module's documentation the encryption mode used,&gt; &gt; but I'm assuming its CBC. Blowfish does operate on 64 bit 
blocks, but in&gt; &gt; CBC mode the result of encrypting each block is also used to modify the&gt; &gt; encryption 
process of the next block. That is why you can't decipher&gt; &gt; blocks independently unless you use ECB mode.&gt; 
&gt; &gt; &gt; Obviously the first block doesn't have any previous information from&gt; &gt; other blocks, and here is 
where the IV is used; this IV serves as a&gt; &gt; mechanism to add randomness to the encryption process of the first 
block.&gt; &gt; &gt; &gt; Now, you must make sure you are using exactly the same mechanisms to&gt; &gt; generate the IV 
for the encryption and the decryption. For instance,&gt; &gt; within Openssl if you use a password the key and the IV 
will be&gt; &gt; generated from the password using a PKCS5 compatible protocol&gt; &gt; 
(http://www.openssl.org/docs/crypto/EVP_BytesToKey.html), so the IV&gt; &gt; won't be empty.&gt; &gt; &gt; &gt; Within 
the NSE module it is not clear to me what will be passed to the&gt; &gt; openssl functions (i.e. will it be a null 
pointer or random data).&gt; &gt; OpenSSL encryption tool requires that you pass an IV whenever you use&gt; &gt; only 
an hexadecimal key (see -K and -iv in&gt; &gt; http://www.openssl.org/docs/apps/enc.html); the same with the 
encryption&gt; &gt; functions of the OpenSSL library (see&gt; &gt; http://www.openssl.org/docs/crypto/blowfish.html), 
since all encryption&gt; &gt; modes different than ECB require an IV)&gt; &gt; &gt; &gt; Salting is not used by default 
and doesn't seem to be included as an&gt; &gt; option in the NSE module, so it is less likely that this is your 
problem.&gt; &gt; &gt; &gt; The best way to make sure is to encrypt your string with the NSE module&gt; &gt; using a 
key and an IV of your choice, and then trying to decrypt it also&gt; &gt; with the NSE functions. Next, I would suggest 
to encrypt your text with&gt; &gt; the openssl command line tool (using the same keys and IV) and decrypt&gt; &gt; it 
using the NSE module, and viceversa. Since salts are apparently not&gt; &gt; being used, you should get exactly the 
same result.&gt; &gt; &gt; &gt; If this works, then this would confirm that the undefined IV in NSE is&gt; &gt; the 
problem.&gt; &gt; &gt; &gt; I hope this helps,&gt; &gt; &gt; &gt; Omar Herrera&gt; &gt; Hi Omar,&gt; &gt; That's 
incredibly helpful, thanks! I gave up working on this for today&gt; (too tired/frustrated to be productive).&gt; &gt; A 
question, though: the IV you're talking about, is that also the key?&gt; Or is there a separate key and IV? The data 
I'm using is encrypted in C,&gt; and the interface looks like this:&gt; --&gt; void Blowfish_Init(BLOWFISH_CTX *ctx, 
unsigned char *key, int keyLen);&gt; void Blowfish_Encrypt(BLOWFISH_CTX *ctx, unsigned long *xl, unsigned&gt; long 
*xr);&gt; void Blowfish_Decrypt(BLOWFISH_CTX *ctx, unsigned long *xl, unsigned&gt; long *xr);&gt; --&gt; &gt; So I only 
see a key, unless the IV is hardcoded into the library.&gt; &gt; In either case, I don't think I'm decrypting the data 
in the same order&gt; as it's encrypted, so I'd bet that's the problem.&gt; &gt; Thanks!&gt; Ron&gt; &gt; -- &gt; Ron 
Bowes&gt; http://www.skullsecurity.org/&gt; &gt; _______________________________________________&gt; Sent through the 
nmap-dev mailing list&gt; http://cgi.insecure.org/mailman/listinfo/nmap-dev&gt; Archived at http://SecLists.Org

Sent through the nmap-dev mailing list
Archived at http://SecLists.Org

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]