RC4 doesn't always encrypt/decrypt the same way twice

CGen...@aol.com
May 2, 2001, 9:15:06 PM

If I use the code below to encrypt and decrypt it doesn't always produce the
same results. The majority of the time it works but I can't find anything
explaining why it doesn't work 100% of the time.

void EnDe(unsigned char *buf)
{
RC4_KEY key;
unsigned char keys[17] = "s1fuk8wfe4hj9ksi";

RC4_set_key(&key,keys[0],&(keys[1]));

RC4(&key,strlen((const char *)buf), buf, buf);

}
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openss...@openssl.org
Automated List Manager majo...@openssl.org

Jason Aras
May 2, 2001, 11:14:19 PM

On Wed, 2 May 2001 CGen...@aol.com wrote:

> If I use the code below to encrypt and decrypt it doesn't always produce the
> same results. The majority of the time it works but I can't find anything
> explaining why it doesn't work 100% of the time.
>
> void EnDe(unsigned char *buf)
> {
> RC4_KEY key;
> unsigned char keys[17] = "s1fuk8wfe4hj9ksi";
>
> RC4_set_key(&key,keys[0],&(keys[1]));
>

I have not used RC4 routines before, just the RSA, but strlen() won't work
on encrypted data because it can have nulls. Now, I am not sure if this is
the case or not w/ RC4. It's OK to encrypt w/ strlen() because you
are in theory encrypting text (or not?).

-jay

Greg Stark
May 3, 2001, 11:53:25 AM

Please see (http://www.openssl.org/docs/crypto/rc4.html#). Why are you
passing keys[0] as the key length? It looks like keys[0] == 's', which is
the same as 0x73, which means you are going way past the end of the keys
array into areas of memory that may or may not change. Not good. And, as
someone else pointed out, you cannot use strlen() on cipher.


Greg Stark
ghs...@pobox.com


----- Original Message -----
From: <CGen...@aol.com>
To: <openss...@openssl.org>
Sent: Wednesday, May 02, 2001 9:12 PM
Subject: RC4 doesn't always encrypt/decrypt the same way twice


> If I use the code below to encrypt and decrypt it doesn't always produce
> the same results. The majority of the time it works but I can't find anything
> explaining why it doesn't work 100% of the time.
>
> void EnDe(unsigned char *buf)
> {
> RC4_KEY key;
> unsigned char keys[17] = "s1fuk8wfe4hj9ksi";
>
> RC4_set_key(&key,keys[0],&(keys[1]));
>

CGen...@aol.com
May 3, 2001, 12:38:13 PM

Thank you for all the responses, with your help I have solved the dilemma.
Here is the corrected code for all those learning as I am.

void EnDe(unsigned char *buf)
{
RC4_KEY key;

unsigned char keys[18] = "s1fuk8wfe4hj9ksi\0";


RC4_set_key(&key,strlen((const char *)&keys[0]),&(keys[0]));

RC4(&key,sizeof(buf), buf, buf);

}

<< On Wed, 2 May 2001 CGen...@aol.com wrote:

If I use the code below to encrypt and decrypt it doesn't always produce
the same results. The majority of the time it works but I can't find anything
explaining why it doesn't work 100% of the time.

void EnDe(unsigned char *buf)
{
RC4_KEY key;
unsigned char keys[17] = "s1fuk8wfe4hj9ksi";

RC4_set_key(&key,keys[0],&(keys[1]));
>>

Richard Levitte - VMS Whacker
May 3, 2001, 12:40:27 PM

From: CGen...@aol.com

CGenrich> If I use the code below to encrypt and decrypt it doesn't always produce the same results. The majority of the time it works but I can't find anything explaining why it doesn't work 100% of the time.
CGenrich>
CGenrich> void EnDe(unsigned char *buf)
CGenrich> {
CGenrich> RC4_KEY key;
CGenrich> unsigned char keys[17] = "s1fuk8wfe4hj9ksi";
CGenrich>
CGenrich> RC4_set_key(&key,keys[0],&(keys[1]));

The call above is incorrect. You probably want something like this:

RC4_set_key(&key,sizeof(keys)-1,keys);

or:

RC4_set_key(&key,strlen((const char *)keys),keys);

The first variant requires that you use an array, just the way you
do. The second variant requires the key to be a NUL-terminated
string. If you have the key pointed to with a pointer and not being a
NUL-terminated string, you need to keep track of the size through some
other means.

--
Richard Levitte \ Spannvägen 38, II \ LeV...@stacken.kth.se
Chairman@Stacken \ S-168 35 BROMMA \ T: +46-8-26 52 47
Redakteur@Stacken \ SWEDEN \ or +46-709-50 36 10
Procurator Odiosus Ex Infernis -- po...@bofh.se
Member of the OpenSSL development team: http://www.openssl.org/
Software Engineer, Celo Communications: http://www.celocom.com/

Unsolicited commercial email is subject to an archival fee of $400.
See <http://www.stacken.kth.se/~levitte/mail/> for more info.

Greg Stark
May 3, 2001, 1:24:00 PM

This won't work either. Since buf is a pointer, sizeof(buf) is just the size
of an unsigned char * on your system, probably 4. You must have some other
method of determining the length of buf.

Also, C strings are automatically terminated with a \0 so you shouldn't add
your own. Also, if you restrict the bytes in the key to be printable
characters, you'll need more of them to produce the 128-bit entropy you are
trying to achieve.

It is important to stop thinking of crypto items such as key and cipher as C
strings.

====================
Greg Stark
ghs...@pobox.com
====================

----- Original Message -----
From: <CGen...@aol.com>
To: <openss...@openssl.org>

Sent: Thursday, May 03, 2001 12:24 PM
Subject: Re: RC4 doesn't always encrypt/decrypt the same way twice


> Thank you for all the responses, with your help I have solved the dilemma.
> Here is the corrected code for all those learning as I am.
>
> void EnDe(unsigned char *buf)
> {
> RC4_KEY key;
> unsigned char keys[18] = "s1fuk8wfe4hj9ksi\0";
>
>
> RC4_set_key(&key,strlen((const char *)&keys[0]),&(keys[0]));
>
> RC4(&key,sizeof(buf), buf, buf);
>
> }
>
> << On Wed, 2 May 2001 CGen...@aol.com wrote:
>
> If I use the code below to encrypt and decrypt it doesn't always produce
> the same results. The majority of the time it works but I can't find
> anything explaining why it doesn't work 100% of the time.
>
> void EnDe(unsigned char *buf)
> {
> RC4_KEY key;
> unsigned char keys[17] = "s1fuk8wfe4hj9ksi";
>
> RC4_set_key(&key,keys[0],&(keys[1]));
> >>
>
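
The length handling discussed in this thread, as an added example that is not from any poster or from OpenSSL: a textbook RC4 stands in for RC4_set_key()/RC4() so it builds without libcrypto, and it shows why strlen() on ciphertext breaks decryption only some of the time. The names en_de() and roundtrip() and the sample message are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Textbook RC4, used as a stand-in so this builds without libcrypto.
   Encrypt and decrypt are the same call; both lengths are explicit. */
void en_de(const unsigned char *key, size_t keylen, unsigned char *buf, size_t len)
{
    unsigned char s[256], i = 0, j = 0, t;
    if (keylen == 0) return;                      /* avoid k % 0 below */
    for (int k = 0; k < 256; k++) s[k] = (unsigned char)k;
    for (int k = 0; k < 256; k++) {               /* key schedule */
        j = (unsigned char)(j + s[k] + key[k % keylen]);
        t = s[k]; s[k] = s[j]; s[j] = t;
    }
    j = 0;
    for (size_t n = 0; n < len; n++) {            /* keystream XOR */
        i++;
        j = (unsigned char)(j + s[i]);
        t = s[i]; s[i] = s[j]; s[j] = t;
        buf[n] ^= s[(unsigned char)(s[i] + s[j])];
    }
}

/* Encrypts a constructed message, decrypts it with the chosen length
   policy, and returns 1 if the plaintext came back intact. */
int roundtrip(int trust_strlen)
{
    static const unsigned char key[] = "s1fuk8wfe4hj9ksi"; /* from the thread */
    unsigned char ks[3] = {0}, msg[] = "pay 100 to bob", buf[sizeof msg];
    size_t klen = sizeof key - 1, len = sizeof msg - 1, dlen;

    en_de(key, klen, ks, sizeof ks);   /* zeros in, keystream bytes out */
    msg[2] = ks[2];                    /* constructed: ciphertext[2] becomes 0x00 */
    memcpy(buf, msg, sizeof msg);
    en_de(key, klen, buf, len);        /* encrypt in place */
    dlen = trust_strlen ? strlen((const char *)buf) : len;
    en_de(key, klen, buf, dlen);       /* decrypt in place */
    return memcmp(buf, msg, len) == 0;
}

int main(void)
{
    printf("strlen() on ciphertext: %s\n", roundtrip(1) ? "ok" : "corrupted");
    printf("explicit length:        %s\n", roundtrip(0) ? "ok" : "corrupted");
    return 0;
}
```

With OpenSSL the same approach applies: pass the key length and the data length in as parameters to RC4_set_key() and RC4() instead of deriving them with strlen() or with sizeof on a pointer.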
