Asp Forum
Home
|
Login
|
Register
|
Search
Forums
>
comp.lang.ruby
OpenSSL::Cipher partially decrypts string with wrong iv
Richard Oliveri
3/14/2009 2:18:00 AM
I have an application where I want to require both the correct key and
iv in order to decrypt a string. I wrote a very simple program to test
the various success and failure cases.
ruby 1.8.6 (2007-03-13 patchlevel 0) [i686-darwin8.10.1]
When the key and iv are correct, it succeeds, as expected.
When the wrong key is provided, it fails, as expected.
However, when I pass the wrong iv, it looks like it actually decrypts
most of the string. Only the first 16 bytes are not decrypted properly.
Here's the test program:
require 'openssl'
str = "The quick brown fox jumped over the lazy dog."
cip1 = OpenSSL::Cipher::Cipher.new("aes-256-cbc")
cip1.encrypt
key = cip1.random_key
iv = cip1.random_iv
es = cip1.update(str) + cip1.final
cip2 = OpenSSL::Cipher::Cipher.new("aes-256-cbc")
cip2.decrypt
cip2.key = key
cip2.iv = "X" * 32 # pass the wrong iv
rs = cip2.update(es) + cip2.final
puts rs
I would expect the decrypt to fail or just return garbage, but I get the
following:
���t��Y������W�fox jumped over the lazy dog.
Are my assumptions wrong, or is this an issue?
Thanks in advance. rpo
--
Posted via
http://www.ruby-...
.
Servizio di avviso nuovi messaggi
Ricevi direttamente nella tua mail i nuovi messaggi per
OpenSSL::Cipher partially decrypts string with wrong iv
Inserendo la tua e-mail nella casella sotto, riceverai un avviso tramite posta elettronica ogni volta che il motore di ricerca troverà un nuovo messaggio per te
Il servizio è completamente GRATUITO!
x
Login to ForumsZone
Login with Google
Login with E-Mail & Password