Debian Bug report logs - #357363
libcrypt-cbc-perl: Crypt::CBC uses 8 bits salt for 16 bits ciphers

Package: libcrypt-cbc-perl; Maintainer for libcrypt-cbc-perl is Debian Perl Group <pkg-perl-maintainers@lists.alioth.debian.org>; Source for libcrypt-cbc-perl is src:libcrypt-cbc-perl.

Reported by: Allard Hoeve <allard@byte.nl>

Date: Thu, 16 Mar 2006 20:48:56 UTC

Severity: important

Tags: patch

Found in version libcrypt-cbc-perl/2.17-1

Forwarded to lstein@cshl.org


Report forwarded to debian-bugs-dist@lists.debian.org, Debian Perl Group <pkg-perl-maintainers@lists.alioth.debian.org>:
Bug#357363; Package libcrypt-cbc-perl. Full text and rfc822 format available.

Acknowledgement sent to Allard Hoeve <allard@byte.nl>:
New Bug report received and forwarded. Copy sent to Debian Perl Group <pkg-perl-maintainers@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Allard Hoeve <allard@byte.nl>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: libcrypt-cbc-perl: Crypt::CBC uses 8 bits salt for 16 bits ciphers
Date: Thu, 16 Mar 2006 21:46:26 +0100
[Message part 1 (text/plain, inline)]
Package: libcrypt-cbc-perl
Version: 2.17-1
Severity: important
Tags: patch



Dear Gustavo,

Please see attached patch that fixes Crypt::CBC when using it with Crypt::Rijndael and other 16 bits ciphers.

Please also see attached script that tests correct behaviour.

Regards,

Allard


-- System Information:
Debian Release: 3.1
  APT prefers stable
  APT policy: (600, 'stable')
Architecture: i386 (i686)
Kernel: Linux 2.6.14.5-byte
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)

Versions of packages libcrypt-cbc-perl depends on:
ii  libcrypt-blowfish-perl     2.09-5        Blowfish cryptography for Perl
ii  libcrypt-des-perl          2.03-3        Perl DES encryption module
ii  libcrypt-rijndael-perl     0.05-4        Perl module implementing the Rijnd
ii  perl                       5.8.4-8sarge3 Larry Wall's Practical Extraction 

-- no debconf information
[crypt-cbc.pl (application/x-perl, attachment)]
[cryptfix.diff (text/plain, attachment)]

Reply sent to 357363-forwarded@bugs.debian.org:
You have marked Bug as forwarded. Full text and rfc822 format available.

Message #8 received at 357363-forwarded@bugs.debian.org (full text, mbox):

From: Gustavo Franco <stratus@debian.org>
To: lstein@cshl.org
Cc: 357363-forwarded@bugs.debian.org, 357363-submitter@bugs.debian.org
Subject: libcrypt-cbc-perl: Crypt::CBC uses 8 bits salt for 16 bits ciphers
Date: Thu, 16 Mar 2006 19:07:39 -0300
Hi Lincoln,

Allard and I, working on a security patch for Debian Sarge, found out
that the latest Crypt::CBC still has a problem.

You can read Allard's report, with a patch attached and a test tool at:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=357363

I would like to hear your feedback on the changes before patching
the Debian package in our development branch.

Thanks in advance,
Gustavo Franco - <stratus@debian.org>



Message sent on to Allard Hoeve <allard@byte.nl>:
Bug#357363. Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Perl Group <pkg-perl-maintainers@lists.alioth.debian.org>:
Bug#357363; Package libcrypt-cbc-perl. Full text and rfc822 format available.

Acknowledgement sent to Gustavo Franco <stratus@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian Perl Group <pkg-perl-maintainers@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #16 received at 357363@bugs.debian.org (full text, mbox):

From: Gustavo Franco <stratus@debian.org>
To: allard@byte.nl
Subject: [Fwd: Re: libcrypt-cbc-perl: Crypt::CBC uses 8 bits salt for 16 bits ciphers]
Date: Thu, 16 Mar 2006 20:45:57 -0300
[Message part 1 (text/plain, inline)]
Hi Allard,

I've just received this response. I will read it now, but I would like
to hear your opinion too.

Thanks in advance,
Gustavo Franco - <stratus@debian.org>
[Re: libcrypt-cbc-perl: Crypt::CBC uses 8 bits salt for 16 bits ciphers (message/rfc822, inline)]
From: Lincoln Stein <lstein@cshl.edu>
To: stratus@debian.org
Cc: lstein@cshl.org, Ben Laurie <ben@algroup.co.uk>
Subject: Re: libcrypt-cbc-perl: Crypt::CBC uses 8 bits salt for 16 bits ciphers
Date: Thu, 16 Mar 2006 23:01:38 +0000
Hi,

Please explain to me why you think that the salt must be the same length as 
the cipher key. It seems to me that the situation is exactly analogous to 
Unix crypt() in which the key is 8 characters long and the salt is 2 
characters--the salt is there only to thwart a dictionary-based attack; the 
security comes from the length of the key.

Perhaps you are worried because this seems analogous to the IV length bug 
fixed in the last release. I think that using an 8 byte salt with a 16-byte 
cipher is not analogous to using an 8 byte IV for a 16 byte cipher. In the 
former example, the randomization from the salt is spread throughout the 
entire generated key and IV, and the security comes from the number of bits 
of data in the whole passphrase. In the latter case, the latter 8 bytes of 
the data are being encrypted using a constant IV of 0x00000000, reducing half 
of the ciphertext to a weak ECB (dictionary-attack-vulnerable) cipher.

If you apply the suggested patch, then Crypt::CBC will be unable to 
interoperate with OpenSSL, which uses 8 byte salts for block ciphers of all 
sizes. I am Cc'ing Ben Laurie on this so that he can weigh in before you make 
any decisions.

Lincoln

On Thursday 16 March 2006 22:07, Gustavo Franco wrote:
> Hi Lincoln,
>
> Allard and I, working on a security patch for Debian Sarge, found out
> that the latest Crypt::CBC still has a problem.
>
> You can read Allard's report, with a patch attached and a test tool at:
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=357363
>
> I would like to hear your feedback on the changes before patching
> the Debian package in our development branch.
>
> Thanks in advance,
> Gustavo Franco - <stratus@debian.org>

-- 
Lincoln D. Stein
Cold Spring Harbor Laboratory
1 Bungtown Road
Cold Spring Harbor, NY 11724
FOR URGENT MESSAGES & SCHEDULING, 
PLEASE CONTACT MY ASSISTANT, 
SANDRA MICHELSEN, AT michelse@cshl.edu (516 367-5008)
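
The OpenSSL-style salted derivation that the reply above refers to, as an added example (not code from this thread, the attached patch, or Crypt::CBC itself). It implements OpenSSL's legacy EVP_BytesToKey with MD5 and a single iteration, and parses the "Salted__" header; the 32-byte key and 16-byte IV sizes for Rijndael and the passphrase and salt values are assumptions constructed for the illustration.

```python
import hashlib

MAGIC = b"Salted__"   # 8-byte marker written in front of the salt
SALT_LEN = 8          # fixed size, independent of the cipher's block size


def bytes_to_key(passphrase: bytes, salt: bytes, key_len: int, iv_len: int):
    """Legacy OpenSSL EVP_BytesToKey: MD5, one iteration per block."""
    if len(salt) != SALT_LEN:
        raise ValueError("OpenSSL-style salt must be exactly 8 bytes")
    material, block = b"", b""
    while len(material) < key_len + iv_len:
        # Each round hashes the salt again, so the salt influences every
        # 16-byte block of output, key and IV alike.
        block = hashlib.md5(block + passphrase + salt).digest()
        material += block
    return material[:key_len], material[key_len:key_len + iv_len]


def split_salted_header(blob: bytes):
    """Return (salt, ciphertext) from a 'Salted__'-prefixed message."""
    if len(blob) < len(MAGIC) + SALT_LEN or not blob.startswith(MAGIC):
        raise ValueError("missing Salted__ header")
    return blob[8:16], blob[16:]


def differing_chunks(a: bytes, b: bytes, size: int = 16):
    """Indexes of the size-byte chunks in which a and b differ."""
    return [i // size for i in range(0, len(a), size)
            if a[i:i + size] != b[i:i + size]]


if __name__ == "__main__":
    passphrase = b"constructed passphrase"            # constructed sample
    salt_a = bytes.fromhex("0102030405060708")        # constructed sample
    salt_b = bytes.fromhex("0102030405060709")        # differs in one bit
    # Assumed sizes: 32-byte key and 16-byte IV for a 16-byte block cipher.
    key_a, iv_a = bytes_to_key(passphrase, salt_a, 32, 16)
    key_b, iv_b = bytes_to_key(passphrase, salt_b, 32, 16)
    # Both key halves and the IV change when a single salt bit changes.
    print(differing_chunks(key_a + iv_a, key_b + iv_b))
```

A patched implementation that writes a 16-byte salt would put bytes 16 to 23 of its output where a reader of this format expects ciphertext, which is the interoperability break the reply describes.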


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Thu Apr 24 20:21:34 2014; Machine Name: buxtehude.debian.org
