question about blowfish in SSH-1

[yawnmoth]

So I guess blowfish has a variable key length. Any key between 4 and 56 bytes is acceptable.

My question is... what key length does SSH-1 use for it? And in what mode? And what's the IV? I'm gonna guess, for the IV, that it's just all null bytes?

I've seen RFC's for SSH-2 that talk about blowfish being used in CTR and CBC mode there with a key length of 16 bytes.

Any insight would be appreciated - thanks!!

[Simon Tatham]

yawnmoth <terr...@yahoo.com> wrote:
> My question is... what key length does SSH-1 use for it? And in what
> mode? And what's the IV? I'm gonna guess, for the IV, that it's just all
> null bytes?

Checking the PuTTY source code since I can't remember offhand, it
looks as if SSH-1 Blowfish uses 32 bytes (256 bits) of key, and yes,
an all-zeroes IV as is typical for SSH-1.

Another change in Blowfish usage between SSH-1 and SSH-2 is the
endianness of the data streams. The Blowfish cipher is defined in
terms of taking two 32-bit words as input and giving two 32-bit words
as output; in SSH-2, eight bytes of plaintext/ciphertext are
identified with those two 32-bit words by considering the words to be
stored big-endian, whereas in SSH-1 it's little-endian.

Out of interest, why are you looking into this now? I really hope you
_don't_ have a serious need to implement SSH-1. Nobody should be using
it if they can possibly avoid it!

> I've seen RFC's for SSH-2 that talk about blowfish being used in CTR and
> CBC mode there with a key length of 16 bytes.

Only half right. RFC 4253 does define SSH-2 "blowfish-cbc" to use a
16-byte key, but RFC 4344 defines "blowfish-ctr" to use 32.
--
Simon Tatham "I'm going to pull his head off. Ear by ear."
<ana...@pobox.com> - a games teacher

[yawnmoth]

On Wednesday, May 15, 2013 3:37:43 AM UTC-5, Simon Tatham wrote:
> yawnmoth <terr...@yahoo.com> wrote:
>
> > My question is... what key length does SSH-1 use for it? And in what
>
> > mode? And what's the IV? I'm gonna guess, for the IV, that it's just all
>
> > null bytes?
>
>
>
> Checking the PuTTY source code since I can't remember offhand, it
>
> looks as if SSH-1 Blowfish uses 32 bytes (256 bits) of key, and yes,
>
> an all-zeroes IV as is typical for SSH-1.
>
>
>
> Another change in Blowfish usage between SSH-1 and SSH-2 is the
>
> endianness of the data streams. The Blowfish cipher is defined in
>
> terms of taking two 32-bit words as input and giving two 32-bit words
>
> as output; in SSH-2, eight bytes of plaintext/ciphertext are
>
> identified with those two 32-bit words by considering the words to be
>
> stored big-endian, whereas in SSH-1 it's little-endian.

I think that helps - thanks!!

>
> Out of interest, why are you looking into this now? I really hope you
>
> _don't_ have a serious need to implement SSH-1. Nobody should be using
>
> it if they can possibly avoid it!

Mostly just intellectual curiosity lol. Seeing how different ciphers are used in the real world is interesting. Like 3DES is a bit quirky in SSH1 in that it uses inner chaining vs the more common outer chaining. ie. it encrypts the entire plaintext three times instead of each block three times. Useless bit of trivia, I suppose, but it's still interesting, none-the-less!