List Info

Thread: Scripts send encrypted email to Spamcop
Scripts send encrypted email to Spamcop
user name
 2006-10-27 18:44:30 
Hello,

  One other thing I just thought of - that patch doesn't
honor the old
regenerate_key setting, and it needs to.  Just change:

my $literal_key = $options->;

to something like:

my $literal_key = $options-> ||
($options->
&& !$options->);

Jesse


On Fri, 2006-10-27 at 12:17 -0600, Jesse Norell wrote:
> Heh... sorry about that last email.  I confuse Send and
"close window"
> sometimes.  
> 
> On Fri, 2006-10-27 at 06:57 -0700, Robert LeBlanc
wrote:
> > 
> > After some experimentation, I'm increasingly
convinced that Crypt::CBC
> > 2.17 and later are simply broken, specifically
with regard to the way
> > the random initialization vector is handled by the
decrypt() method
> > when
> > a literal key is supplied.  As you say, specifying
literal_key and
> > randomiv works fine for encrypt(), but not for
decrypt().
> > 
> 
>   This is exactly the problem, CBC.pm is broken. 
Specifically
> _generate_iv_and_cipher_from_datastream() ignores the
literal_key
> setting and always calls _key_from_key().  This is a
patch for CBC.pm
> version 2.17 that fixes it by having _key_from_key()
honor that setting
> itself (in case there are other such cases).
> 
> --- /usr/lib/perl5/vendor_perl/5.8.8/Crypt/CBC.pm.orig 
2006-10-27
> 12:03:19.000000000 -0600
> +++ /usr/lib/perl5/vendor_perl/5.8.8/Crypt/CBC.pm      
2006-10-27
> 12:03:47.000000000 -0600
>  -90,6 +90,7 
>      my $random_iv = 1 unless defined $iv;
>      croak "Initialization vector must be exactly
$bs bytes long when
> using the $cipher cipher" if defined $iv and
length($iv) != $bs;
> 
> +    my $literal_key = $options->;
>      my $legacy_hack =
$options->;
>      my $padding     = $options-> ||
'standard';
> 
>  -142,6 +143,7 
>                   'keysize'     => $ks,
>                    'header_mode' => $header_mode,
>                   'legacy_hack' => $legacy_hack,
> +                 'literal_key' => $literal_key,
>                    'pcbc'        => $pcbc,
>                   'make_random_salt' =>
$random_salt,
>                   'make_random_iv'   => $random_iv,
>  -359,6 +361,8 
>    my $pass  = shift;
>    my $ks    = $self->;
> 
> +  return $pass if $self->;
> +
>    my $material = md5($pass);
>    while (length($material) < $ks)  {
>      $material .= md5($material);
> 
> 
-- 
Jesse Norell - jessekci.net
Kentec Communications, Inc.

_______________________________________________
Maia-users mailing list
Maia-usersrenaissoft.com
http://www.renaissoft.com/mailman/listinfo/maia-users
[1]

about | contact  Other archives ( Real Estate discussion Medical topics )