What's the difference between Blowfish and Blowfish-compat?

I can't seem to find a source for the differences. I've found this difference in this online decryption tool:

http://www.tools4noobs.com/online_tools/decrypt/

I have some encrypted Blowfish data that I'm trying to decrypt through Python's PyCrypto module. The problem, however, is that the data seems to be encrypted with "blowfish-compat", as that's what it takes to decrypt it through the online tool; I can't decrypt it through PyCrypto's module, and I'm gathering that it uses strictly Blowfish decryption (and not Blowfish-compat, whatever that is).

Is it possible to decrypt blowfish-compat through Python somehow? I don't know the differences between the two.

Ulrike answered 10/7, 2012 at 21:44 Comment(0)

good question. it seems to be something specific to the mcrypt/libmcrypt program.

i couldn't find any docs so i looked at the source for libmcrypt. that contains two modules, one for blowfish, and one for blowfish-compat. when i look at those, the only difference i can see (warning: i am a software engineer, but not a crypto specialist) is that the logic for byte order is swapped (ifdef WORDS_BIGENDIAN is replaced by ifndef WORDS_BIGENDIAN - note the "n").

so my guess is that it is for decoding data on big-endian machines that was encoded on little-endian machines, or vice-versa. or perhaps there is some convention that code should follow about endianness, but some libraries break it, and this compensates.

update: aha! and knowing that, googling for "blowfish-compat big-endian" turns up what looks like confirmation. see http://www.spinics.net/lists/crypto/msg00175.html - which discusses an incorrect implementation that got the ordering reversed.

so, in short, your data were incorrectly encoded. the "compat" mode reproduces the bug so that they can be decoded.

given that, it looks like you're short-of-luck on the python front unless you can find a python interface to mcrypt. http://labix.org/python-mcrypt looks like it might work (pypi page - http://pypi.python.org/pypi/python-mcrypt).

(this was one of the most fun answers to provide in a long time :o)

oh, and i got the source from http://sourceforge.net/projects/mcrypt/ by following the "browse all files" link under the download button (the button downloads mcrypt, not libmcrypt).

Bent answered 10/7, 2012 at 22:38 Comment(3)
Awesome stuff, thank you! I had just nearly abandoned hope and was about to rewrite in PHP, but you've saved the day! Kudos! - Ulrike

Your answer is spot on. However, there is a bit of hope for everyone using pycrypto: you can "emulate" blowfish-compat by reversing the byte order (4 byte blocks) before the encryption and again on the encryption result. One example is this commit: github.com/pyropeter/otrtool/commit/… - Amazonas

That emulation code doesn't work so well if you're using a mode like CTR. Like if you have 1234 it returns 4321, but what if you have 12? Plaintexts don't need to be multiples of the block size in CTR. You can NULL pad to the nearest 8 bytes; it won't work after that. - Rather
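
The word-swap emulation described in the comments above, as an added example that is not part of the original thread or of the linked commit. It assumes a standard Blowfish ECB object such as PyCrypto's `Blowfish.new(key, Blowfish.MODE_ECB)`; the names `swap32`, `compat_decrypt` and `compat_encrypt` are hypothetical, and input that is not whole 8-byte blocks (the case the last comment raises) is rejected rather than guessed at.

```python
import struct

BLOCK = 8  # Blowfish block size in bytes


def swap32(data: bytes) -> bytes:
    """Reverse the byte order inside every 4-byte word of data."""
    if len(data) % 4:
        raise ValueError("length must be a multiple of 4 bytes")
    n = len(data) // 4
    # Read the words as little-endian, write them back as big-endian.
    return struct.pack(">%dI" % n, *struct.unpack("<%dI" % n, data))


def _check_blocks(data: bytes) -> None:
    # Caveat from the last comment: a trailing partial block (possible with
    # CTR) has no complete words to swap, so only whole blocks are accepted.
    if len(data) % BLOCK:
        raise ValueError("blowfish-compat data must be whole 8-byte blocks")


def compat_decrypt(ecb, ciphertext: bytes) -> bytes:
    """Decrypt blowfish-compat ECB data using a standard Blowfish ECB object."""
    _check_blocks(ciphertext)
    return swap32(ecb.decrypt(swap32(ciphertext)))


def compat_encrypt(ecb, plaintext: bytes) -> bytes:
    """Inverse of compat_decrypt, useful for round-trip checks."""
    _check_blocks(plaintext)
    return swap32(ecb.encrypt(swap32(plaintext)))


if __name__ == "__main__":
    # Assumption: PyCrypto or PyCryptodome is installed.
    from Crypto.Cipher import Blowfish

    key, msg = b"constructed-key", b"16 byte message!"  # constructed sample values

    def new_ecb():
        return Blowfish.new(key, Blowfish.MODE_ECB)

    ct = compat_encrypt(new_ecb(), msg)
    print(ct != new_ecb().encrypt(msg))   # differs from plain Blowfish output
    print(compat_decrypt(new_ecb(), ct))  # recovers msg
```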
