Permalink
Browse files

use built-in BF-ECB mode of OpenSSL instead of using BF-CBC and reset…

…ting the state after every block
  • Loading branch information...
1 parent 2411c6c commit ef92d36edc58768822a03dd7519c9b5c1308c5e5 @dominikh dominikh committed Sep 20, 2012
Showing with 5 additions and 11 deletions.
  1. +5 −11 lib/cinch/sasl/dh_blowfish.rb
@@ -55,18 +55,12 @@ def generate(user, password, payload)
password << "." * (8 - (password.size % 8))
crypted = ""
- cipher = OpenSSL::Cipher.new("BF")
+ cipher = OpenSSL::Cipher.new("BF-ECB")
+ cipher.key_len = 32 # OpenSSL's default of 16 doesn't work
+ cipher.encrypt
+ cipher.key = secret
- while password.size > 0 do
- # We have to reinitialize this every time because for OpenSSL, "BF" is synonynmous with "BF-CBC", and we do not want CBC
- cipher.reset
- cipher.key_len = 32 # OpenSSL's default of 16 doesn't work
- cipher.encrypt
- cipher.key = secret
-
- clear = password.slice!(0, 8)
- crypted << cipher.update(clear) # we do not want the content of cipher.final
- end
+ crypted = cipher.update(password) # we do not want the content of cipher.final
answer = [public.bytesize, public, user, crypted].pack("na*Z*a*")
Base64.strict_encode64(answer)

0 comments on commit ef92d36

Please sign in to comment.