Blowfish encryption with different keys produces same ciphertext
I have set up a test app with Blowfish encryption taken from someone else's library. I have been astonished to find that password "Test" gives the same encrypted text as password "TestTestTestTest". Is this normal behavior of the algorithm or is it a bug?
blowfish
asked May 28 at 5:55
Mariusz
edited May 28 at 12:48
Maarten Bodewes♦

@forest it does though. Read the keyscheduling code...
– Henno Brandsma
May 28 at 9:38

@forest he's not talking about bcrypt, which would give different outputs, but the classic encryption algorithm.
– Henno Brandsma
May 28 at 9:39
1 Answer
It looks like the library is treating the string as the key to Blowfish, which has a variable key size; the way the key setup is done (with a cyclical use of the key bytes, see more details on the Wikipedia page) implies that key $k$ of length $n$ and key $k||k$ of length $2n$ have the same expanded key and thus an equivalent encryption/decryption function. Your "Test" example also illustrates this.
Usually from a string a key is "derived" using a KDF, which is then input to an algorithm that accepts keys of some fixed sizes like 128 bits etc. But Blowfish can accept 1 byte keys, and 300 byte keys too, so libraries often don't do this and accept the key input 'as is', without a KDF being compulsory. Or they "pad" a string like 'Test' to 16 bytes with 0-bytes etc. Be sure you know what a library does before using it. Keys should be random and unpredictable, not dictionary words.
answered May 28 at 9:37
edited May 28 at 11:58
Henno Brandsma
So one of the ways is changing the blowfish algorithm to another one? Since the strength of encryption depends on the length of the password, apparently it does not apply to blowfish. For example, the password "TestTestTestA" would have the strength more or less the same as the password TestA?
– Mariusz
May 28 at 10:42

@Mariusz TestTestTestA is not equivalent to TestA, as it's not a repeat; TestATestATestA would be. The true solution is to use a KDF.
– Henno Brandsma
May 28 at 10:47

I have little knowledge on ciphers. So more or less, regarding the password length, "TestTestTest" has the strength 4 whereas TestTestTestA has the strength 13?
– Mariusz
May 28 at 11:00

@Mariusz for this implementation of the cipher, yes. And length is not the only factor of course.
– Henno Brandsma
May 28 at 11:28

A password is not a key. Although Blowfish accepts different key sizes, that doesn't mean that you should use passwords as keys. I agree with Henno here: use a Password Based Key Derivation Function or PBKDF. If you want you could use bcrypt as PBKDF, which uses Blowfish underneath (just an implementation detail).
– Maarten Bodewes♦
May 28 at 12:50
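The following is an added example, not code from the question, the answer, or the library the asker used. It implements only the first step of the Blowfish key schedule (XORing the key bytes, read cyclically, into the 18 published initial P-array words) and uses it to check the equivalence the answer describes: "Test" and "TestTestTestTest" produce the same mixed P-array, while "TestA" and "TestTestTestA" do not. Because the rest of the schedule (encrypting zero blocks to overwrite P and the S-boxes) depends only on this mixed P-array and on fixed constants, equal results here mean identical expanded keys. The `derive_key` helper shows the fix from the comments: derive a fixed-length key with a PBKDF (PBKDF2-HMAC-SHA256 here) instead of feeding the password in as the key. The function names, the salt and the iteration count are assumptions chosen for this example.

```python
from __future__ import annotations

import hashlib
import os

# Blowfish's 18 initial P-array words (hexadecimal digits of pi), as published
# with the cipher. The S-boxes are not needed to demonstrate the collision.
P_INIT = [
    0x243F6A88, 0x85A308D3, 0x13198A2E, 0x03707344,
    0xA4093822, 0x299F31D0, 0x082EFA98, 0xEC4E6C89,
    0x452821E6, 0x38D01377, 0xBE5466CF, 0x34E90C6C,
    0xC0AC29B7, 0xC97C50DD, 0x3F84D5B5, 0xB5470917,
    0x9216D5D9, 0x8979FB1B,
]


def mix_key_into_p(key: bytes) -> list[int]:
    """Step 1 of the Blowfish key schedule: XOR the key into the P-array.

    The key is consumed byte by byte and wraps around when exhausted, so a
    key k and the key k||k feed exactly the same 72-byte stream into P.
    """
    if len(key) == 0:
        raise ValueError("Blowfish needs a non-empty key")
    p = list(P_INIT)
    pos = 0
    for i in range(18):
        word = 0
        for _ in range(4):
            # Cyclic read: this wrap-around is the source of the equivalence.
            word = (word << 8) | key[pos % len(key)]
            pos += 1
        p[i] ^= word
    return p


def schedules_collide(key_a: bytes, key_b: bytes) -> bool:
    """True when the two keys yield the same expanded key (same mixed P-array)."""
    return mix_key_into_p(key_a) == mix_key_into_p(key_b)


def derive_key(password: str, salt: bytes, length: int = 16) -> bytes:
    """Hardened path: turn a password into a fixed-length cipher key with a PBKDF.

    PBKDF2-HMAC-SHA256 with 100k iterations is an assumption for this example;
    the salt must be random per key (os.urandom) and stored alongside the data.
    """
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt,
                               100_000, dklen=length)


if __name__ == "__main__":
    # Raw password as key: the asker's observation reproduced.
    print("Test == TestTestTestTest:", schedules_collide(b"Test", b"TestTestTestTest"))
    print("TestA == TestTestTestA :", schedules_collide(b"TestA", b"TestTestTestA"))
    # With a PBKDF the repeated password no longer collides.
    salt = os.urandom(16)
    print("PBKDF keys differ:",
          derive_key("Test", salt) != derive_key("TestTestTestTest", salt))
```

Run it as a script and the first line prints `True` and the second `False`, matching the comment thread; the derived keys always differ, and the salt also prevents two users with the same password from sharing a key, which a raw-password key would never do.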