Hi -
I've never implemented any cryptographic algorithms before but I'm trying to make an implementation of the bcrypt password hashing algorithm [1] in Pharo. I'm using the OpenBSD C implementation [2] as a reference. To make it work I need a port of the Blowfish algorithm and am also using the OpenBSD C blowfish implementation [3] as a reference.
With what I have so far my "blowfish" can accurately encrypt and decrypt a string using a key. But the encrypted string does not match any of the reference implementations. I can take '0123456789' and encrypt it with the key 'AAAAA' and decrypt the result and get '0123456789' but my encrypted string is different than the C or Java encrypted string. So I believe I've done something wrong. I think my Feistel Network method is wrong because it eventually starts returning increasingly large 5 byte integers rather than the 4 bytes integers it should. At least that's my current guess about the problem.
Is there an open source version of Blowfish in Smalltalk I could look at to see where I may be going wrong?
Thanks
Paul
[1] http://www.usenix.org/events/usenix99/provos.html & http://codahale.com/how-to-safely-store-a-password/
[2] http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/crypt/bcrypt.c
[3] http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/crypt/blowfish.c
Hi Paul,
Looks like a fun project. I'm sorry I don't have time to help. Have you looked at the other Smalltalk crypto classes? Having an implementation that works but doesn't match definitely means you didn't do something correctly. It could be something very small like a constant that is wrong. Or it could be issues with endianess or something silly like that. Have a look at how some of the others are done, get familiar with the tricks. I recommend reading "Practical Cryptography" Ferguson & Schneier if you haven't already. Reading the pseudo code with the Smalltalk implementations that are already done should help.
Good luck with it!
Ron Teitelbaum
-----Original Message----- From: cryptography-bounces@lists.squeakfoundation.org [mailto:cryptography-bounces@lists.squeakfoundation.org] On Behalf Of Paul DeBruicker Sent: Friday, April 22, 2011 10:58 AM To: cryptography@lists.squeakfoundation.org Subject: [Cryptography Team] bcrypt password hashing
Hi -
I've never implemented any cryptographic algorithms before but I'm trying
to
make an implementation of the bcrypt password hashing algorithm [1] in Pharo. I'm using the OpenBSD C implementation [2] as a reference. To make it work I need a port of the Blowfish algorithm and am also using the OpenBSD C blowfish implementation [3] as a reference.
With what I have so far my "blowfish" can accurately encrypt and decrypt a string using a key. But the encrypted string does not match any of the reference implementations. I can take '0123456789' and encrypt it with the key 'AAAAA' and decrypt the result and get '0123456789' but my encrypted string is different than the C or Java encrypted string. So I believe I've done something wrong. I think my Feistel Network method is wrong because it eventually starts returning increasingly large 5 byte integers rather than the 4 bytes integers it should. At least that's my
current
guess about the problem.
Is there an open source version of Blowfish in Smalltalk I could look at
to see
where I may be going wrong?
Thanks
Paul
[1] http://www.usenix.org/events/usenix99/provos.html & http://codahale.com/how-to-safely-store-a-password/
[2] http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/crypt/bcrypt.c
[3] http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/crypt/blowfish.c _______________________________________________ Cryptography mailing list Cryptography@lists.squeakfoundation.org http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptography
Hi!
2011/4/22 Paul DeBruicker pdebruic@gmail.com:
Hi -
I've never implemented any cryptographic algorithms before but I'm trying to make an implementation of the bcrypt password hashing algorithm [1] in Pharo. I'm using the OpenBSD C implementation [2] as a reference. To make it work I need a port of the Blowfish algorithm and am also using the OpenBSD C blowfish implementation [3] as a reference.
With what I have so far my "blowfish" can accurately encrypt and decrypt a string using a key. But the encrypted string does not match any of the reference implementations. I can take '0123456789' and encrypt it with the key 'AAAAA' and decrypt the result and get '0123456789' but my encrypted string is different than the C or Java encrypted string. So I believe I've done something wrong. I think my Feistel Network method is wrong because it eventually starts returning increasingly large 5 byte integers rather than the 4 bytes integers it should. At least that's my current guess about the problem.
Is there an open source version of Blowfish in Smalltalk I could look at to see where I may be going wrong?
Really a coincidence because just TODAY I started implementing Blowfish in Squeak (Is on my todo list from years). I'm only starting and deciding somethings about implementation, but if all go well I will relese it as MIT.
My sources of examples and info are:
- The examples in other languages in the site of Bruce Schneier; - The visual works implementation and - A PHP implementation I found in snipplr.
My idea, in addition to implementing, is develop (just for training/fun) some UI to play with it.
Let me know if I can help.
Cheers.
cryptography@lists.squeakfoundation.org