Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Looking for two blowfish implementations that produce the same crypts

2 views
Skip to first unread message

Cameron Horn

unread,
Jan 21, 2003, 3:38:26 PM1/21/03
to
I'm looking for two blowfish implementations written in C and Java
(bonus for Perl) that produce the same crypts, even on different
platforms. Using the raw key of "abcdefgh" and encrypting
"secret\002\002," I get the following results (encoded in Base64):

Current C++ code, Based on an article by Jason Wylie,
Ja...@themediaco.com from www.codeguru.com
Solaris: QUT9sBHtzOk=
Windows: DCFYt1tX75w=

Using Cryptix, a Java product:
DCFYt1tX75w=

Using Perl's Crypt::Blowfish:
DCFYt1tX75w=

Using C code by Paul Kocher:
(Only checked on Windows)
QUT9sBHtzOk=

Code available at request.

Michael Sierchio

unread,
Jan 21, 2003, 4:42:51 PM1/21/03
to
Cameron Horn wrote:

OpenSSL.

Cameron Horn

unread,
Jan 22, 2003, 10:36:21 AM1/22/03
to
Michael Sierchio <ku...@tenebras.com> wrote in message news:<YRidnQtgTfB...@speakeasy.net>...

OpenSSL produces QUT9sBHtzOk= on Windows, which may be correct for all
I know. I still cannot generate the same crypt in Java, or Perl.
Which was my original problem.

Michael Amling

unread,
Jan 22, 2003, 1:34:01 PM1/22/03
to
Cameron Horn wrote:
> Michael Sierchio <ku...@tenebras.com> wrote in message news:<YRidnQtgTfB...@speakeasy.net>...
>
>>Cameron Horn wrote:
>>
>>>Solaris: QUT9sBHtzOk=
>>>Windows: DCFYt1tX75w=
>>>DCFYt1tX75w=
>>>DCFYt1tX75w=
>>>QUT9sBHtzOk=

>>
>>OpenSSL.
>
> OpenSSL produces QUT9sBHtzOk= on Windows, which may be correct for all
> I know. I still cannot generate the same crypt in Java, or Perl.
> Which was my original problem.

I assume you do not have a pre-existing Blowfish implementation that
you have to be compatible with. So, would it be too suggestive to ask if
you get such discrepancies when using Rijndael?

--Mike Amling

Cameron Horn

unread,
Jan 22, 2003, 5:33:55 PM1/22/03
to
Michael Amling <nos...@nospam.com> wrote in message news:<3E2EE442...@nospam.com>...

This software has been deployed using the first encryption method
described and it would be nice to retain some compatability, even if
only on one platform. I also have a marketing level dependency on
Blowfish. Which I may have to override, given the difficulty I'm
having with such a simple task.

Come on, Blowfish fans! Am I asking too much here? Point out my dumb
mistake, I can take it.

Paul Rubin

unread,
Jan 22, 2003, 6:10:06 PM1/22/03
to
camero...@panacya.com (Cameron Horn) writes:
> > > Current C++ code, Based on an article by Jason Wylie,
> > > Ja...@themediaco.com from www.codeguru.com
> > > Solaris: QUT9sBHtzOk=
> > > Windows: DCFYt1tX75w=

This looks like it doesn't properly deal with the byte order
difference between the x86 and the sparc. Not too surprising,
since the reference blowfish implemetation operates on two 32-bit
ints rather than on 8 chars.

Michael Amling

unread,
Jan 22, 2003, 7:12:53 PM1/22/03
to

Could it be some kind of Endian issue? 2**12 possibilities come to
mind, namely, for each of the key, the plaintext input and the
ciphertext output, try each combination of
A.Reverse the order of bits within a byte.
B.Reverse the order of bytes within each byte pair.
C.Reverse the order of byte pairs within each 32-bit word.
D.Reverse the order of 32-bit words.

--Mike Amling

Cameron Horn

unread,
Jan 23, 2003, 9:51:10 AM1/23/03
to
> >> I assume you do not have a pre-existing Blowfish implementation that
> >>you have to be compatible with. So, would it be too suggestive to ask if
> >>you get such discrepancies when using Rijndael?
> >
> >
> > This software has been deployed using the first encryption method
> > described and it would be nice to retain some compatability, even if
> > only on one platform. I also have a marketing level dependency on
> > Blowfish. Which I may have to override, given the difficulty I'm
> > having with such a simple task.
> >
> > Come on, Blowfish fans! Am I asking too much here? Point out my dumb
> > mistake, I can take it.
>
> Could it be some kind of Endian issue? 2**12 possibilities come to
> mind, namely, for each of the key, the plaintext input and the
> ciphertext output, try each combination of
> A.Reverse the order of bits within a byte.
> B.Reverse the order of bytes within each byte pair.
> C.Reverse the order of byte pairs within each 32-bit word.
> D.Reverse the order of 32-bit words.

I investigated some Endian issues (you missed one - the ordering or
the initialization array), but I'm shooting in the dark at problems I
shouldn't have to deal with.

You've managed to convince me to check out Rijandel.

Michael Amling

unread,
Jan 24, 2003, 1:17:14 AM1/24/03
to
Cameron Horn wrote:
> You've managed to convince me to check out Rijandel.

Ah, Rijndael combined with a transposition cipher!

--Mike Amling

Mrsjunecarey

unread,
Jan 27, 2003, 10:27:13 AM1/27/03
to
Dear Cameron,

>I'm looking for two blowfish implementations written in C and Java

For a C implementation of Blowfish, why don't you check out OpenBSD:

http://www.openbsd.org

Since that O/S is meant to be a clean separation of machine independent and
machine dependent code, I imagine their Blowfish implementation would be your
best choice.....

Cheers,
Robin

Eric Young

unread,
Jan 28, 2003, 2:59:44 AM1/28/03
to

My this thread has gone on much longer than it should have.
The problem is that the blowfish implementations are correct, even
though they give different answers. The problem is that the blowfish
input is specified as two 32bit numbers.
How do we go from 8 8bit numbers to 2 32bit numbers?

The little-endian people get one answer, the bigendian get the other.
Since the origional test vectors were two 32bit numbers, everyone gets
this part right. It's once they put in the 'unaligned char' -> aligned
32bit' conversion code they get things wrong.

So it is more correct to say that the ecb/cbc code is broken in some of
the implementations. I seem to rember that the 'correct' 8bit -> 32bit
conversion should be little-endian.

eric (who had a similar problem with idea (big-endian) until they
published char based test vectors (instead of short))

Eric Young

unread,
Jan 28, 2003, 3:08:07 AM1/28/03
to
Eric Young wrote:
> So it is more correct to say that the ecb/cbc code is broken in some of
> the implementations. I seem to rember that the 'correct' 8bit -> 32bit
> conversion should be little-endian.

I should follow up with the comment that some block ciphers can be
implemented as either big-endian or little-endian (DES and AES).
Others, specifically the ones using arithmetic operations, can not
idea big-endian
blowfish little-endian
rc2 little-endian
rc5 little-endian
and the exact endian when used in ecb/cbc etc mode is best defined by
reasonable test vectors.

eric


Tom St Denis

unread,
Jan 28, 2003, 9:21:00 AM1/28/03
to
Eric Young <eay_n...@pobox.com> wrote in message news:<3e363a6a$0$7815$afc3...@news.optusnet.com.au>...
> blowfish little-endian

Are you sure about this? My libtomcrypt blowfish code was checked by
others and reported as working correctly, it also uses big-endian.

Sadly the "reference" code published on counterpane is horribly
non-portable and the paper doesn't specify byte order either [I just
checked].

Tom

Eric Young

unread,
Jan 29, 2003, 5:59:50 AM1/29/03
to

hmm... I juat had a look, and yup, you are right, big-endian it is.
My memory is fading... I do remember reading a paper on optimising
blowfish for x86 many years ago, and the endian was the reverse of
what was the accepted standard, so this does make sense (the paper was
using little-endian, while big-endian was the standard). I think I was
remembering this episode.

There are test vectors at http://www.counterpane.com/vectors.txt

Since I supplied them from my version, blowfish must be officially
big-endian :-).

eric

0 new messages