List Info

Thread: Scripts send encrypted email to Spamcop
Scripts send encrypted email to Spamcop
user name
 2006-10-27 18:17:54 
Heh... sorry about that last email.  I confuse Send and
"close window"
sometimes.  

On Fri, 2006-10-27 at 06:57 -0700, Robert LeBlanc wrote:
> 
> After some experimentation, I'm increasingly convinced
that Crypt::CBC
> 2.17 and later are simply broken, specifically with
regard to the way
> the random initialization vector is handled by the
decrypt() method
> when
> a literal key is supplied.  As you say, specifying
literal_key and
> randomiv works fine for encrypt(), but not for
decrypt().
> 

  This is exactly the problem, CBC.pm is broken. 
Specifically
_generate_iv_and_cipher_from_datastream() ignores the
literal_key
setting and always calls _key_from_key().  This is a patch
for CBC.pm
version 2.17 that fixes it by having _key_from_key() honor
that setting
itself (in case there are other such cases).

--- /usr/lib/perl5/vendor_perl/5.8.8/Crypt/CBC.pm.orig 
2006-10-27
12:03:19.000000000 -0600
+++ /usr/lib/perl5/vendor_perl/5.8.8/Crypt/CBC.pm      
2006-10-27
12:03:47.000000000 -0600
 -90,6
+90,7 
     my $random_iv = 1 unless defined $iv;
     croak "Initialization vector must be exactly $bs
bytes long when
using the $cipher cipher" if defined $iv and
length($iv) != $bs;

+    my $literal_key = $options->;
     my $legacy_hack =
$options->;
     my $padding     = $options-> || 'standard';

 -142,6
+143,7 
                  'keysize'     => $ks,
                   'header_mode' => $header_mode,
                  'legacy_hack' => $legacy_hack,
+                 'literal_key' => $literal_key,
                   'pcbc'        => $pcbc,
                  'make_random_salt' => $random_salt,
                  'make_random_iv'   => $random_iv,
 -359,6
+361,8 
   my $pass  = shift;
   my $ks    = $self->;

+  return $pass if $self->;
+
   my $material = md5($pass);
   while (length($material) < $ks)  {
     $material .= md5($material);


-- 
Jesse Norell - jessekci.net
Kentec Communications, Inc.

_______________________________________________
Maia-users mailing list
Maia-usersrenaissoft.com
http://www.renaissoft.com/mailman/listinfo/maia-users
[1]

about | contact  Other archives ( Real Estate discussion Medical topics )