I have some encrypted Blowfish data that I'm trying to decrypt through Python's PyCrypto module. The problem, however, is that the data seems to be encrypted with "blowfish-compat", as that's what it takes to decrypt it through the online tool; I can't decrypt it through PyCrypto's module, and I'm gathering that it uses strictly Blowfish decryption (and not Blowfish-compat, whatever that is).
I couldn't find any docs, so I looked at the source for libmcrypt. That contains two modules, one for blowfish and one for blowfish-compat. When I look at those, the only difference I can see (warning: I am a software engineer, but not a crypto specialist) is that the logic for byte order is swapped (ifdef WORDS_BIGENDIAN is replaced by ifndef WORDS_BIGENDIAN - note the "n").
So my guess is that it is for decoding data on big-endian machines that was encoded on little-endian machines, or vice versa. Or perhaps there is some convention that code should follow about endianness, but some libraries break it, and this compensates.
Update: aha! And knowing that, googling for "blowfish-compat big-endian" turns up what looks like confirmation. See - which discusses an incorrect implementation that got the ordering reversed.
The online Blowfish encryption and decryption tool lets you test Blowfish encryption and decryption in the browser. It supports five modes of operation (CBC, CFB, OFB, CTR and ECB) and three input and output formats (hex, string and base64).
You can use the Blowfish external component to integrate encryption into your Omnis Studio applications. Alternatively, you can use the CRYPTO Worker Object to perform encryption and decryption of data using the AES, Camellia, and DES encryption types.
Omnis Studio supports the Blowfish encryption algorithm via a non-visual External Object which you can use in code to provide a layer of security. Blowfish is a fast and freely available encryption algorithm created by Bruce Schneier.
The Blowfish external object contains methods to encrypt and decrypt, as well as initialize the encryption object using an initial key. To create an encryption object, you should create an object variable and specify the Blowfish object as the subtype of the variable. You must initialize the blowfish object with a variable length key using the $initkey() method. For example:
Optionally adds a length header if bAddLenHeader is kTrue and then returns the binary encrypted data. The object can use the length header to restore the data length when decrypting the data. The header is 8 bytes.
You can use the encxtea() and decxtea() functions to encrypt and decrypt binary data. The functions are found in the Binary Field group and use the eXtended Tiny Encryption Algorithm (XTEA) to encrypt the data.
encstr(string[,key])
Encodes the string using the key. If omitted, Omnis uses its default value for the key. The return value of encstr() is a string that is difficult to decode without knowing the key. To decode the string, and return the original value, use the decstr() function.
The result of encrypt(myText, key, "BLOWFISH", "HEX") gives me a value that I can decrypt just fine in coldfusion, but apparently not the same value as you would get if you ran the same encryption (blowfish, hex) using PHP or Java.
I've tried padding the myText variable with null characters to fill it so the length is a multiple of 8 (have to use URLDecode("%00") instead of char(0) as the null character, since char(0) doesn't actually increase the length of the string). But that doesn't seem to have much of any effect.
If someone can make the result of coldfusion's blowfish encryption match what you get using that tool above I would really appreciate it.
If you're expecting two entirely-unrelated language implementation teams, not only "to come up with compatible implementations" but to continue to do so for (perhaps...?) the next twenty-five years, "it ain't gonna happen."
And you ... or your successor (who is cursing your name posthumously after you had "that very unfortunate with a bread truck") ... might well be stuck with several gigabytes of un-decryptable data. "Don't go there!"
If two applications need to talk to each other in such a way that no one can understand what they are saying, don't attempt a "roll your own" solution. Instead, require that an encrypted secure communication-channel must exist between the two parties ... using proven, commercially available technologies such as VPN or SSL. The information which the two parties send to each other is "in the clear."
Likewise, if you need to store secret data in a database, arrange for the database management system to secure that database on your behalf. Make sure that your connection to the DBMS is likewise "flowing across a secure network channel."
In all of these cases, you have succeeded in removing the obligation for security from your application. You have passed-the-buck to known-good third parties. You have also built your app to rely upon technologies that the IS infrastructure people already know how to manage.
All these languages encrypt data using algorithm=BLOWFISH, mode=ECB, encoding=HEX and produce exactly the same result, so the API accepts it. When I try to do it in CF, it produces a different result, so I cannot post to the API.
If PHP, Java, .NET, Perl and Delphi can come up with compatible implementations of Blowfish, why can't Coldfusion? Coldfusion is obviously the outlier, and is doing something different from the "standard" implementation of this encryption method - I'm trying to understand what that difference is, and if I can somehow bring it in line with the rest of the world.
At this point, I've been working on this for a week and the solution seems no closer. I've even tried using Sean Corfield's cf_php, but that doesn't work because its implementation of the unpack function seems to have a bug.
I'm pleased you got your problem sorted. I'd still like to get to the bottom of why CF is doing this differently, so it would be really helpful if you could post the code you used to demonstrate that - when given the same parameters - CF presents different results than PHP and Java (which provide the same results). If there's a bug here, I'd like to get it on Adobe's radar. If there's an obscure explanation for it, I'd like to work out what it is "for next time".
By default this initializes a Blowfish cipher that will interpret bytes using the big-endian byte order. Should the need arise to use the little-endian byte order, provide "little" as the second argument.
To encrypt or decrypt data in CTR mode, use the encrypt_ctr or decrypt_ctr methods of the Cipher object. CTR mode can operate on data of any length. Although you can use any counter you want, a simple increment-by-one counter is secure and the most popular, so for convenience's sake a simple increment-by-one counter is implemented by the blowfish.ctr_counter function. However, you should implement your own for optimization purposes.
SHA-1 is a hashing algorithm, like MD5, that accepts any input up to 2^64 bits and returns a 160-bit "hash" (40 hexadecimal characters, since each character encodes 4 bits). This function lets you make a digital fingerprint of a file, a word, etc., because it is supposed to give a unique condensate (hash) of your input.
SHA-1 was created based on SHA-0, which was designed by the NSA and published in 1993. Security flaws were found in that algorithm, which was based on the equally flawed MD4, and so it was improved to give the SHA-1 algorithm in 1995 (again by the NSA).
Though SHA-1 is more secure than MD5, for which collisions were found very early, it is now considered insecure after collisions were found by Antoine Joux and other researchers. They discovered a way to produce collisions after "only" 2^69 operations, which has since been improved to 2^63. This counts as a flaw because a generic collision attack based on the birthday attack initially took 2^80 operations, which was considered secure enough. SHA-1, like any other hash function, is supposed to give you a unique hash (as stated, until collisions were found; and in any case 160 bits gives a very large but finite number of possible outputs), which means that if you change only one letter of the input, the whole hash changes. For instance, if we hash the word "Password" with a capital P it produces this hash:
As we saw before, a hash is the result of a cryptographic function (here SHA-1) that takes any input and produces a 40-hex-character hash. That also means that we lose information in the process. Since you could produce a hash of an entire book (again, the input can be up to 2^64 bits, which is huge), you can easily see that there is no way to reproduce the plaintext or file with only the hash as input. It's called a one-way hash function, which means, as the name states, that you can only go from plaintext to hash. So how do we decrypt SHA-1 hashes if you cannot use the hash as input to a decryption function? Well, first of all, we do not "decrypt" a hash. We use this word because it's a convenient way to name what we do, which is really a hash lookup.
The only way to "decrypt" a hash is to compare it against a database of plaintext:hash pairs (rainbow tables or hash tables, which are not the same thing). This is what we have here, as we store dozens of billions of passwords in a flat database. These passwords are stored in a way that improves both disk space and lookup speed. So when you enter a hash in the search bar, we look for hashes that start with the same sequence (call it a partial match), then we check, for each of those hashes, whether the associated password matches your particular hash. If so, we return it to you.
Our service is totally free. We also store every unfound hash and attempt to bruteforce them every few weeks. So if your hash wasn't found, you could come back after some time to check if we cracked it. If we still didn't manage to crack your hash(es), you could then use your own computer to bruteforce them using hashcat if your GPU is fast enough. Mixed with wordlists and rules this can be a very powerful tool. You could also use paid cracking services such as hashes.com or onlinehascrack.com, for instance.
Is SHA1 secure?
As we said before, SHA-1 isn't secure anymore since collisions were found. It's still widely used though for file signatures, or even as password storage by webmasters that aren't up to date or that don't care too much about security. Now if you use SHA-1 to store your users' passwords and don't want to switch to a better hashing function, you can actually implement salting without user friction.
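The two points above (why an unsalted SHA-1 is found by a precomputed lookup table, and how salting can be added without user friction) as an added Python example; this is not the site's code. The wordlist, the zero salt used in the test and the record format "salt_hex$digest" are constructed for illustration.

```python
import hashlib
import hmac
import os
from typing import Dict, Iterable, Optional

# Constructed sample wordlist standing in for a lookup service's table.
WORDLIST = ["123456", "password", "Password", "letmein", "qwerty"]


def sha1_hex(data: bytes) -> str:
    return hashlib.sha1(data).hexdigest()


def build_lookup_table(words: Iterable[str]) -> Dict[str, str]:
    """Precompute unsalted SHA-1 -> plaintext: the table a lookup service relies on."""
    return {sha1_hex(w.encode()): w for w in words}


def lookup(table: Dict[str, str], digest_hex: str) -> Optional[str]:
    """Exact-match lookup of an unsalted digest; returns the plaintext or None."""
    return table.get(digest_hex.lower())


def hash_salted(password: str, salt: Optional[bytes] = None) -> str:
    """Store a fresh per-user salt next to sha1(salt || password).

    The salt makes the stored digest differ from the unsalted digest of the
    same password, so a table built from unsalted hashes no longer matches."""
    if salt is None:
        salt = os.urandom(16)
    return salt.hex() + "$" + sha1_hex(salt + password.encode())


def verify_salted(password: str, stored: str) -> bool:
    """Recompute sha1(salt || password) and compare in constant time."""
    salt_hex, digest = stored.split("$", 1)
    expected = sha1_hex(bytes.fromhex(salt_hex) + password.encode())
    return hmac.compare_digest(expected, digest)


def upgrade_on_login(password: str, legacy_unsalted: str) -> Optional[str]:
    """Migrate without user friction: when a login succeeds against the legacy
    unsalted SHA-1 record, return the new salted record to store in its place.
    Returns None when the password does not match the legacy record."""
    if not hmac.compare_digest(sha1_hex(password.encode()), legacy_unsalted.lower()):
        return None
    return hash_salted(password)
```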