1
Mircryption / Re: How do decrypt irssi logs if i have the key? Also question about compiling M.
« on: November 13, 2011, 04:21 AM »A point about key size:
My understanding is that all of these implementations of Blowfish, are Blowfish 448, which supports a max key size of 56 bytes.
It may "accept" a 98byte key, but it don't believe it is using more than 56 bytes of it. though the question is (and the incompatibilities emerge from) which 56 bytes it is using.
I'd love to hear someone with a better understanding of Blowfish448 talk about this, since i've forgotten most of what little i once knew.-mouser (August 02, 2011, 04:57 PM)
I'm seeing the same problem as the thread starter, the decryption seems to be wrong for keys larger than 56 characters. I'm trying to figure out how the original FiSH implementation handles this but so far I've only gotten some clues, don't fully understand it
In the source http://fish.secure.l...hat.v0.98-source.zip (or the irssi version)
in blowfish.c in the function blowfish_init(), it is first checked whether the key size is larger than 72 ((bf_N + 2) * 4) - where bf_N is defined as 16. If that is the case, the key is truncated and only the first 72 bytes are used for further computations.
Then the following loop seems to do some shifting and XOR'ing for the first 18 bytes in the key (bf_N is 16) using the keysize. This seems to be the only place in the function where the keysize (which can be larger than 56) is used so I guess it happens here.
j = 0;
if (keybytes > 0) {
for (i = 0; i < bf_N + 2; ++i) {
temp.w.byte0 = key[j];
temp.w.byte1 = key[(j + 1) % keybytes];
temp.w.byte2 = key[(j + 2) % keybytes];
temp.w.byte3 = key[(j + 3) % keybytes];
bf_P[i] ^= temp.word;
temp.word = 0;
j = (j + 4) % keybytes;
}
}
if (keybytes > 0) {
for (i = 0; i < bf_N + 2; ++i) {
temp.w.byte0 = key[j];
temp.w.byte1 = key[(j + 1) % keybytes];
temp.w.byte2 = key[(j + 2) % keybytes];
temp.w.byte3 = key[(j + 3) % keybytes];
bf_P[i] ^= temp.word;
temp.word = 0;
j = (j + 4) % keybytes;
}
}
trying to figure it out, maybe someone here has some ideas..