Hi
On Wed, 20 Mar 2013 11:53:05 +0100, Michael Hamann <michael(a)content-space.de> wrote:
> I was alerted that something might be wrong in the Blowfish
> implementation when a user complained that he couldn't decrypt a text
> that was encrypted on another system. I found that the ciphertext
> depends on the system (even if both systems are 64 bit systems).
As phpMyAdmin uses the encryption for temporary data stored in a cookie,
this should not be an issue - it should always be the same system that does
both the encrypting and the decrypting.
> This loss of precision happens in the calculation of the S-boxes, which
> means that these S-boxes are most probably less random than they
> should be. I think the security of the algorithm might be flawed
> because of this, but I'm not sure. However, at least one thing is clear:
> this is not Blowfish.
Flawed security sounds bad, though we've always strongly recommended
installing mcrypt (in which case this code is not used), so most users
should be safe.
> We don't plan to fix the implementation; instead we deprecated it and
> want to replace it after the current release.
> http://phpseclib.sourceforge.net/ (AES) is a possible candidate. I
> assume that regardless of which library we choose the ciphertext will be
> different, so it doesn't matter if we also switch the block cipher.
Indeed it makes sense to switch to more reliable code. We will consider
it as well.
-- 
Michal Čihař | http://cihar.com | http://blog.cihar.com
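The check the thread implies but never spells out is a known-answer test: an implementation whose output differs between machines, or from the published vectors, is not Blowfish whatever the file is called. The following is an added example, written for this page; it is not the phpMyAdmin code under discussion nor code from either participant. It rebuilds the P-array and S-boxes from the hexadecimal digits of pi, as the Blowfish specification defines them, using exact Python integers masked to 32 bits (the property the thread's "loss of precision" report says the deprecated code lacks), runs the key schedule, and compares the result with two of Bruce Schneier's published ECB test vectors. The pi computation via Machin's formula is the example's own choice; the guard-digit count is an assumption chosen with ample margin.

```python
from functools import lru_cache

MASK32 = 0xFFFFFFFF
N_WORDS = 18 + 4 * 256          # P-array plus four 256-entry S-boxes


def _arctan_inv(x, one):
    """arctan(1/x) scaled by `one`, Gregory series in exact integers."""
    total = term = one // x
    x2 = x * x
    n, sign = 1, -1
    while term:
        term //= x2
        n += 2
        total += sign * (term // n)
        sign = -sign
    return total


@lru_cache(maxsize=None)
def pi_fraction_hex(ndigits, guard=16):
    """First `ndigits` hex digits of the fractional part of pi.

    `guard` extra digits absorb series truncation error (assumed ample:
    the accumulated error is far below 2**64 for this many terms)."""
    one = 16 ** (ndigits + guard)
    pi = 4 * (4 * _arctan_inv(5, one) - _arctan_inv(239, one))  # Machin
    frac = (pi % one) // 16 ** guard
    return "%0*x" % (ndigits, frac)


def initial_tables():
    """Unkeyed P-array and S-boxes: consecutive 32-bit words of pi."""
    digits = pi_fraction_hex(8 * N_WORDS)
    words = [int(digits[8 * i:8 * i + 8], 16) for i in range(N_WORDS)]
    P = words[:18]
    S = [words[18 + 256 * k:18 + 256 * (k + 1)] for k in range(4)]
    return P, S


def _f(S, x):
    """Blowfish round function; every sum is reduced mod 2**32."""
    a, b, c, d = x >> 24, (x >> 16) & 0xFF, (x >> 8) & 0xFF, x & 0xFF
    return ((((S[0][a] + S[1][b]) & MASK32) ^ S[2][c]) + S[3][d]) & MASK32


def _encrypt_words(P, S, left, right):
    for i in range(16):
        left ^= P[i]
        right ^= _f(S, left)
        left, right = right, left
    left, right = right, left            # undo the final swap
    return left ^ P[17], right ^ P[16]


def expand_key(key):
    """Key schedule: XOR the key into P, then re-derive P and S by
    repeatedly encrypting the running output (521 block encryptions)."""
    if not 4 <= len(key) <= 56:
        raise ValueError("Blowfish key must be 4..56 bytes")
    P, S = initial_tables()
    j = 0
    for i in range(18):
        word = 0
        for _ in range(4):
            word = (word << 8) | key[j]
            j = (j + 1) % len(key)
        P[i] ^= word
    left = right = 0
    for i in range(0, 18, 2):
        left, right = _encrypt_words(P, S, left, right)
        P[i], P[i + 1] = left, right
    for box in S:
        for i in range(0, 256, 2):
            left, right = _encrypt_words(P, S, left, right)
            box[i], box[i + 1] = left, right
    return P, S


def encrypt_block(P, S, block):
    left = int.from_bytes(block[:4], "big")
    right = int.from_bytes(block[4:8], "big")
    left, right = _encrypt_words(P, S, left, right)
    return left.to_bytes(4, "big") + right.to_bytes(4, "big")


def decrypt_block(P, S, block):
    # The same Feistel network with the P-array reversed is the inverse.
    return encrypt_block(P[::-1], S, block)


# Schneier's published ECB vectors: (key, plaintext, ciphertext) in hex.
KAT_VECTORS = [
    ("0000000000000000", "0000000000000000", "4ef997456198dd78"),
    ("ffffffffffffffff", "ffffffffffffffff", "51866fd5b85ecb8a"),
]


def known_answer_test():
    """True iff every vector encrypts and decrypts as published."""
    for key, pt, ct in KAT_VECTORS:
        P, S = expand_key(bytes.fromhex(key))
        if encrypt_block(P, S, bytes.fromhex(pt)).hex() != ct:
            return False
        if decrypt_block(P, S, bytes.fromhex(ct)).hex() != pt:
            return False
    return True


if __name__ == "__main__":
    P, _ = initial_tables()
    print("P[0] = %08x (spec: 243f6a88)" % P[0])
    print("known-answer test passed:", known_answer_test())
```

Run it on each platform in question: the vectors must match everywhere. Round-tripping on a single machine, which is all the cookie use case exercises, cannot distinguish a correct cipher from a platform-dependent one, which is exactly how the report in the thread surfaced.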