Blowfish strength
[1/11] from: holger:rebol at: 10-Jul-2001 16:00
On Sat, Jul 07, 2001 at 12:26:59PM -0500, Paul Tretter wrote:
> Ok. I tried this several different way and the only way I could get it to
> change the strength was to call the change to the refinement after the port
> spec creation.
Don't do that. Changing the strength value after port creation has no effect.
--
Holger Kruse
[holger--rebol--com]
[2/11] from: holger:rebol at: 10-Jul-2001 15:59
On Sat, Jul 07, 2001 at 11:15:40AM -0500, Paul Tretter wrote:
> Is there a reason that strength is always set to 40 even though you set it to 128.
Notice the following:
> >> crypt-port: make port! [
<<quoted lines omitted: 6>>
> [ ]
> >> probe crypt-port
It is because the key "REBOL" is 5 bytes long, i.e. 40 bits long. If you use a longer
key then strength will reflect that, e.g. the key "This is just a test" will result
in strength to become 128. Strength always reflects the true, resulting key length and
is set to the largest value supported by the algorithm, the key and the license (export
or full).
--
Holger Kruse
[holger--rebol--com]
[3/11] from: ptretter:charter at: 10-Jul-2001 19:49
Thanks Holger, I understand completely now what your talking about. I
kept trying to understand why doing so got me more than 576 bit strength.
Your reply has me now in understanding.
Paul Tretter
[4/11] from: ptretter:charter at: 11-Jul-2001 10:53
I'm a bit confused as to why it initially gets set to 128 in the make
port! spec. How can you change it interactively?
[5/11] from: holger:rebol at: 11-Jul-2001 10:56
On Wed, Jul 11, 2001 at 10:53:22AM -0400, [ptretter--charter--net] wrote:
> I'm a bit confused as to why it initially gets set to 128 in the make
> port! spec. How can you change it interactively?
'strength defines the key length, and can be set to any value you want
in make port!. You should set it to the key length you want to use, e.g.
to 128 if you want to use 128-bit keys. You can also set it to the word
'export to indicate that you want to use the strongest encryption which
is exportable from the US.
After creating the port, 'strength contains the resulting key length used
for encryption. It is always an integer, i.e. if you specified the word
'export then REBOL fill is in the actual key length for you.
Usually the value of 'strength after port creation is identical to the
one you fill in, but there are a few exceptions in which the resulting
'strength value is different from what you specified:
If the key you specify is shorter then the value you specified in 'strength
then 'strength is reduced to the key size (in bits). For instance setting
the key to "REBOL" means that 'strength will be no more than 40 bits, even
if you set 'strength to 128 to start with.
If your REBOL license is "export-grade" only and you specified a key
that is longer than allowed for export then 'strength is set to the
maximum key length allowed for export.
If the resulting key length is one not supported by the particular
algorithm then 'strength is adjusted (usually upward with padding)
to a value that the algorithm supports. For instance Blowfish only
supports key lengths up to 576 bits, Rijndael up to 256 bits, in
certain increments.
--
Holger Kruse
[holger--rebol--com]
[6/11] from: ptretter:charter at: 11-Jul-2001 13:11
Ok. Let me see if I got this right now. As long as the key is a big as the
strength setting the then the strength setting specified in the make port!
spec is used otherwise the 'strength setting will be whatever the size the
key is with the execptions you mentioned - Correct?
If so, then the 'strength doesnt necessarily have to be defined as long as
the key is if I understand this correctly. Thanks for the detailed post on
this subject as its quite enlightening.
Paul Tretter
[7/11] from: ptretter:charter at: 7-Jul-2001 12:26
Ok. I tried this several different way and the only way I could get it to
change the strength was to call the change to the refinement after the port
spec creation. Such as this:
encrypt-decrypt-func: func [strength type][crypt-port: make port! [
scheme: 'crypt
algorithm: 'blowfish
direction: type
key: crypt-key
padding: true
]
crypt-port/strength: strength ; this call did not work when provided
within the make port! block as strength: 128 or strength: strength
]
[8/11] from: ptretter:charter at: 7-Jul-2001 11:15
Is there a reason that strength is always set to 40 even though you set it to 128. Notice
the following:
>> crypt-port: make port! [
[ scheme: 'crypt
[ algorithm: 'blowfish
[ direction: 'encrypt
[ strength: 128
[ key: to-binary "REBOL"
[ padding: true
[ ]
>> probe crypt-port
make object! [
scheme: 'crypt
host: none
port-id: none
user: none
pass: none
target: none
path: none
proxy: none
access: none
allow: none
buffer-size: none
limit: none
handler: none
status: none
size: none
date: none
url: none
sub-port: none
locals:
make object! [
encrypt: true
keystate: #{
B4A2E9A35F1EEF6B47C49C20047FADAF58E292B0E81C9C47EB11666DF9192DD5
49686504307E5CD69CB8218BD8C828B227B633D19F1E7C7010798BC64E5B5542
AF1CCDD8B615D993F67CA355178D452EE8414FD9FDA2DF8B2E4A4E9A715C52DA
DE66C4D6776CB09F0D02F3ED3F4E68104098BBEB8EFE939F7F277A33AF2E794C
E7DBB601DDAF23B845BE7207FFEB8FBEF99514B2010071A94E9345257A24E56F
FF533049BC0109D7331FCE1E0FB72FF5E22E85B6EF82F76A28398D9FF4064F45
4AC0F2BD4F6633AF85B58F4A170019CEFF4C668DE1D57127FB565599D8541DCB
765D538BD89EA3FCFC9AF794E6CB2D8822EBBA167164ACA46194826A27CE34DB
4689B96E258663A385F5C14413F2A24E836893581991C27C1FFBDE497EF20A28
3CEE8F9135544A9092D90346B2D5A5AAAE1C21D2D24CA0288FBBCB6253B26BA4
BDBC6D149B780599B94F6326F30268C6937686F03106E8C0B8A3A7D8FDCD9BC3
1E377EC0935CF6A7FD78592DD6A9DE1CE885AA27AE2710E4409516FD09F656B2
700A6DF99C8A6CF5CF63FECC38038C3CB8012BBE89D573AF1CBC8F4CAB641E62
66F325699C02E26C7678A9783CABA4E4B03D17D0B70C6560398063D396F08E81
E589385314F85C134B31ABDEFD075EF29B0E8AC14CB106FFCFF40A049A68906B
80D1EB08F184F1C06830B6A40A96A90293309C186226E123CE476970B948C77E
12EDD8F2152AA7B759AE77AC1444E606635B1832263AEF111FB9EA9FC12469E7
F21F61C2AFC72B37B8299A144AA58AD5C649776061D911B6B42461AC76D7FC26
6F14CFB4B8520A1B191475045C1F59B21830F5CFD84E47476C2C36575C5F3E38
EDF5187918C3F4F24BCEDBE8AC3FBCDA18D2D746707F5520ACD78BD073204E6F
A1B04F08272F385F9AAA2B42210D8A2B0FF7B4E2ED26B5FBD72529DDE8546433
41A6E0DABF507FAFA2EF8ECF5FA531D61BC42CBED8B3D16207A7C1F74C97B11E
5435A7EA08B405A91EB0B384313754D5438698B1556327733385436DF4B4B043
10058E22BA6673D123892FF13F6E14FAC1D5334C4840F113DD081595EAD0412C
474DFA202427C238298E592604AE3838A74F0F1F91509F57559808A52E0854BC
31AE5BF22B23FFF8101B5E34AB84BDD36DE051B93DF93DCCA74564AEE78D569E
246A54337FD57EE7861240D08254E6248D2F79B93FD5532A9E98CB2FBD38366E
DA24147FD6D8EC272950E0420B65DF1BFF6579E9CE36BF65BC19FE088B53D89C
2123D0D3CA5956B31420741660AA4A81A0922D303C7DFEBB138C6DB8F7A88305
FEDAC45B6E0AF935373D5907BE9C81FE9AA56325066D7C8B120E1F409A37D478
1AC548B7AF48A57D1C7E33E6E74E7C54D766E2D6E36F3752960D4DBC50C9EA3B
F03CE8E0AF56078E4E4AE08DE1EBA4E0FE3DDD6C3935DF81B038C075C2FE702D
141DBCF200E0CED8E8F716E1F6E645A7BC07D06C7AC9FC7E90A14FFA1B3B02EF
7202E38C976173D5FF5293104A2128492E854B46C8613752EC1F19CB32F3F8B8
E0D2F1040633958B32DBFA76EF11298F5096C4256DE961C6BC531C7D29609BFA
641907A1F94473AD75CC6D41B580F9AFE13FA2E8EABBD1336142FF40062426CA
A90B498E9625C0F442C92859A4D1542AB81529FE6771E6D36399FE1B743EBC57
A6903BA57C53ACAAB504D8A450C5EA62731B49D6303A2E050689215D363FA2A6
B9D7C51885470CA0A23E15372CEFD30FF743C5791D833EBCA686AB88FB10641C
1FFE281AF6D60552EB240008B0272BA2ABCB5A005393023266C63D81E5995521
B742C722780F12654D7B01A6F9CE0147A4C3EC57D21199F19CA14DF09EF2F35E
11E92B31E7C25EBE82AF18B16F2FD2FA1E1A57067E55C863BD8DCFBC615A0CD1
E18314217049F3243074105F06D3C98FF1DF71D6ED68DAEE56BC489B48A9AC1A
C9A97A61AD7932E3CEBBFAC59D3ADF7B376E8993F2A3642C070F9446AC2A76CA
D4879C2E6535B30B5D4B26B1E7BBADB51C4FD088591E20F4DC36CB0BA1BF393A
B537CDB4AEE31F490CEA39CB87E76D89F24E6D92E5795030038A3245F305B980
164F61D2C4D272944CFA00F48F66757D0D32A664BE73491CEE780239A8ED921F
9C800C57C47944EFC3FE3C296864FEDAC43C057418D74EF1F058F57F41A84694
D2D701474E3ED2FB6C8FBD83976C01561AF0E59575A8476B1FE971B0ECA8C21F
D4088F8EE9F83495FF8CD5A8F43C71968BF413B3CBCA2E85F23495CCAF15D668
08CEE8CFD7D85310077F730C52CE78741B81831AF03AB78287ED9C23E65EF2C3
132BB96F7EFA04F712E1B63CE3D729C7443DC053B00F2267D17B691B9ED86134
DB3D37B23302EA858EB727101607B3BBADD9ED1B8A23A990D94BFED60ADE833B
6D5EA9F9FC9A0B084C38D9BF3ADB1E9EED7900463A98A06A7893F5B1C8863747
9466198D89B5BA5CCBE4888147D1F270A843F715217B3BA600F48C1CB2C2B92F
F8932F5E28C8D7E3D002505B315754994D6577F253702860F2BFBA9D0BA71FF4
5B898F5C303DB91E042795AD9031C1E97D9A672D0DD434CD3663D0B2664FA618
7A712A4A0CC1F47567DB3E88BDC8848C202FF7FCFDE187ED35F2143E79425C0B
2B46CC254CFD6AD14DDA92A54A04ABA33F81FEE6BFF7F2F89C3785BE5DC6A04F
DC842975785D8876FBB6B706D945048767D5F1C013CF109DCE8D4E544CF11427
8C93C50931F608AF93DD1866ADFB684859F9C1A272D3347EA0DC62C018185466
6E5227477688638E866995AB9C044DE0872EA921E200516C6400385AC9FE8472
076CC7489AD4691ACBE7626E2BE0546DD5FB4CEAC2983DDEEF38AE74FE0EE420
DF02594E8ECE6D6AC9D87FDFEBABA201A169D2AE5028C900DF138CFBEC702BF9
03F15B0BD5C5991A7978C79A06CA70C8E58A789B551036A286FE4C579BDBB2C8
89A26CE42F5E9546AE213B9E3532A7AFFACE2E95430B152889BBB2911094DDB8
A875D6966772CB33455E3193FB2FB573FDA81D1AA010CE6A493AF47C64643481
9A9A04756AD85380A655003D1BFD4464CBEBB7E36998B61A3CBAE43D959FAA9F
DF8455D097122780FF5ED35C7D155FAA6DC4420F7DD12FDDD62C7CA692D2A095
392A0E1ED110D8B323E0ED5B5D9F1E308EC59C3354B76A2E612E2154D5AF67CC
A31B9C03D6215573BB077E22B365E4B8FFE16FA208D23C240A2D86575712A454
2057E136D8542441EC86A2C45DF5BB18CAFC0225C33BD8A9FC6F2423630E98B0
99A4E240EC6355697A3FD8FD23A0E066597FA724D8327E0897D5999A388F5EF7
E2BFF3F4A8EFF9433446711AACDF8C94B869186F39C86B55B551C9BAF5E390D3
54FD6AAD0B6E789CBE6369C44B32B794990522594533D5C47B09390E0F2FD3F6
239C3F0BE9296FE652C747A3B8CDA8345075D7ECED35B9DB07B3D9F94FED52A6
FF10A6C8DBDF8720F388753FA7842689F97F8D9F8023A3D2E2C0B6032958EC79
7D50A4CFAF73810700B798E1FFF8D3F22755636907B6E29DBC48DBBD3C560CFE
61ECD731B89B27CBAE26A55EC0B125600073C910A895D50A4BBB2ABBA20266A6
896343474038999B4292691079A1117CD4429CBDF6964B787676AC4D0F0FB370
9A5395BA88CA63F6AC95A52DD5022DAF67175A2641C543FECD78BD4E1858AF60
380D88AD62E5CE28DFAE30A390E4CE21F4FF449F7CF332533AD0184FF4CB9E04
9A02B2AF9E8591300090D31D208B525D350EFB50D0CC91E8E5F475E84C81A773
6EC2EC591C6ABDCFBC49F0E15CC5AD9FCE3F98179C914BBFB974F0CBD95D51AF
740F18BEC3849EB19FA0A5202D45E535F552DD18B8CD4FBCA02EA71602EEBB0D
FE1438643121A697845158B7019FAD4DB9EE36FD427C110C2E1AD8CC9ABE066A
3444C297DD825457A15B8AB3AD754B691D72F57708CAD1BDFAD3C4DBF8CCCF6D
846AFB3D37923253B547C31839B5310D194F54D836E26C9AFD9994F3F605A239
F085E61A49C7088D8E9B1CAB96696128A3143914417FF1FF604036566B856F4F
2C503A2A45ED7D5867371B5E14EC31940383B61CE82454B81FEB778CAB1815B0
04DA3E2AC2D6B16205FCFBED08315529E8D2DA3C1839676552995E3FC81FC21E
75F30BD9614BBB045D7B815F7D8BFAD3A1E27CE9B863AB4927A31FFDCAD2400E
7D1375F9D51FA4F55BE88CA070855E5DD0133793FD2B7A65F528DB85225ECD8F
7F13D38800FCB992711C6197EE7FCEFD182602046AF6266649B05A93E7079EEF
2E6B9DA7B1F9654C271F95B953615F78C79AB75BDF66C7855E1D13F378E58866
AD3428F3552646A42E999DFD38D94FB23ACB967EAE7C70BE786344A6B2F727DF
10ADBA752A5CFC5A784F0718C51090C327E1DB91F34982B1F46B8AAFDFE72926
0C754AD7A0D11A3672A670427CBA0EEDD18018876BD45535FE184DAC9D3CD8CF
E5F74EC2C7E318D5BD55CC363C7E060880EC3A328501E2BC3D94AA0BB82FFE4B
5BFE238488AA2C196FC5E2A674A467CE0DD7425740FC9A0168FC9FD5333E6FCD
F3CE762050D6955D295D232AA1A0E8F3A9D0E4CC2C0B96CC7CF3D4519E2DA503
C296C63F14DBDBDA7EC46D234FE62CF5CBAEC6B07AC4A62ADF9C7524DFBE9E3F
0A66949A40458BD9253267FB4484F7A9534501B0C0702EDF6729D22997C7C2A1
AA47C87132EF7AC2F261E014DA447D39E46A085CE667D33233BF4AB616D4D863
08D3E9EC0235B3B53B0B80C220180D05275EE754106B460A69A13B5BD18268AC
8969A527701723C902B861BE75D8515DDEB8FFA240AF168394C9DF7FF1D0CE86
BCF2C5D91B0433393491B173D791F2D4ED6125AA4816F393C0B5DDB1CFB17718
5A460F03D78D4E854E1C7A63EA848DB3967F3203E80290223B1B4A3C79D981A2
90EF29742025B1E3598E3223D4F716E070CCB11FCA1CB5A9926E7CF021216F60
693B8DD4376360663D85872C241BF9C7F16954D454F087BCD4840D598C039C40
9AEB184E7728BF4E514DFD63742BD632B95F2FD5B5B4F75BAF6DA3CD8887A7F9
8623E9935025E297D4ADF5F0814A8DBE09BEBC0BBEF411B0E9E2E390CEED3A93
62C035B297873A1499005A2B30CA72F89965332EA385C2F719608A02514C2CD5
3CA861674E78BE39153ECFC8AF038F46312BCDADA801A125BC1408DB719A356D
57D8DF5A62EB78605DF8B3A9EC3E18328F25EB81BB58692D95A1654762C2E0BB
23E03F7CA3E84E08BD8B76A8F69C087ED173876252D0DA37DE2B49ABDFE1FDC3
EB743B943AA7DCC807F897A676D0E5DDE545C726765C41B942A775E2752E2E5E
DF2A5D131778DA0BDF97E67535F4EAB85104935AB682051DF65E5C4E038E6AE7
C720A80BA507104870C823AB3E9017119AEBAAC4CBDCC71E442367CFD7D935EB
2E4E70BFB20FC6B09C19B32505E36BACE3275050B12B215A5604AE73CA236815
0DE39FB4B3163F885428D85BC9F73D89BF5BF6C89F58036E2E9DBDA6B55E460A
FE4DBC453821081E4853B3728CF0099D2E872642CA69E31052592C8F632ACF98
F49E6F77B079FCE1A91885DE92DB1EC87442FB3243A81F3DFDE240D38A3FCEC0
5594D0303EB762914EC8E49EE9D8CF3DD4E43035946F66EE8485296BCCE51924
8F79A168DA6ABEF47F049E8E8EC6E3DD57CE1F61916989C1C02A7DEFB7060FBD
008A9266CF8C55D290735FF9B816A718CAFECDFB14206AC347E2E7CB4E7B125B
865C175C5C2F6F30CDCF366F86ABF8D4D56987C4F69F2295A13E3C4992013CF9
AB97031138ECA7FE3A611B88367D3B50E2D73B7895921494F5B8E77218724EE1
E13C99FC33C9C28EC4DB813B77A7B6CC4667827625B9FF61D746B7514363E7CE
7BBE09C423617A14808C5C0F9326EDE91A20C9EBDDEF06B2F740FB89A45C082A
B0182049AEDC477A
}
blockbuf: #{}
algorithm: 0
keystatesize: 4168
blocksize: 8
inbuf: #{}
init-vector: #{0000000000000000}
block-chaining: 1
padding: true
]
state:
make object! [
flags: 0
misc: none
tail: 0
num: 0
with: none
custom: none
index: 0
func: 14
fpos: 0
inBuffer: none
outBuffer: none
]
timeout: none
local-ip: none
local-service: none
remote-service: none
last-remote-service: none
direction: 'encrypt
key: #{5245424F4C}
strength: 40 <------------- Why is this here?
algorithm: 'blowfish
block-chaining: none
init-vector: none
padding: true
async-modes: none
remote-ip: none
local-port: none
remote-port: none
backlog: none
device: none
speed: none
data-bits: none
parity: none
stop-bits: none
rts-cts: true
user-data: none
awake: none
]
>>
Paul Tretter
[9/11] from: petr:krenzelok:trz:cz at: 8-Jul-2001 11:34
US export restrictions allowing to export only 40bit keys? Only some
countries outside US are allowed to have full 128bit encryption keys ...
... but I can be wrong here!
-pekr-
[10/11] from: ptretter:charter at: 8-Jul-2001 8:07
Yeah, I'm away of the restriction but what I'm wondering is why I couldn't
change it with the port spec until after the spec is created. And does this
mean that my key code is not breaking the 40 bit encyrption limit. I
concluded that when I make port in this manner that the 128 bits are
reverting back to 40 bits:
crypt-port: make port! [
scheme: 'crypt
algorithm: 'blowfish
direction: type
strength: 128
key: crypt-key
padding: true
]
However after I have created the port it appears that this works:
cyrpt-port/strength: 128
Not sure why I have that problem - a bug maybe?
Paul Tretter
[11/11] from: ptretter:charter at: 8-Jul-2001 8:30
There is also something else that puzzles me about this. I think the
strength refinement is useless to the port spec in my case really since I
get no error messages when I surpass the 576 bit limit for blowfish. I know
I must be missing something here - any ideas?
Paul Tretter
Notes
- Quoted lines have been omitted from some messages.
View the message alone to see the lines that have been omitted