Add CBC mode to blowfish and use it by default. #281
Conversation
|
I wasn't sure where to document the ECB / CBC key usage; in doc/tcl-commands.doc (and it's derivatives) or doc/settings/mod.blowfish; so I didn't add this to this PR. |
|
Hi Cizzle, thanks for another PR! If you're ever bored, come say hi in #eggdrop on Freenode sometime. We're currently feature-frozen for 1.8.0, but we'll evaluate this for 1.8.1 as soon as we go stable on the current RC (we're soooo close, I promise!). So, please don't take inactivity on this PR as lack of interest, we'll get to it shortly! .... and I can't wait for you to submit an AES module to replace this altogether :) Thanks again! |
|
Well, ECB mode could be considered a security flaw which is fixed by CBC mode? :) As for AES, this already exists? ftp://ftp.eggheads.org/pub/eggdrop/modules/1.8/rijndael1.0-pseudo.tar.gz |
Cizzle
force-pushed
the
feat_blowfish_cbc
branch
from
4753e4a to
6c29b18
Compare
Cizzle
force-pushed
the
feat_blowfish_cbc
branch
2 times, most recently
from
e5641fc to
da2c942
Compare
Cizzle
force-pushed
the
feat_blowfish_cbc
branch
from
da2c942 to
d9a0618
Compare
Cizzle
force-pushed
the
feat_blowfish_cbc
branch
from
d9a0618 to
974b11c
Compare
| return 0; | ||
| } | ||
|
|
||
| static int cbcbase64dec(char c) |
There was a problem hiding this comment.
Suggesting
static int cbcbase64dec(char c)
{
char *i = strchr(cbcbase64, c);
return i ? (int)(i - cbcbase64) : 0;
}instead.
3 participants
Found by: Cizzle
Patch by: Cizzle
Fixes: ECB mode
One-line summary: makes the default encryption module, blowfish, use CBC mode by default instead of the more insecure ECB mode.
Additional description (if needed): When using "encrypt" or "decrypt", the key can have the "ecb:" or "cbc:" prefix to explicitly set a mode to use. When encrypting, CBC mode is used by default unless the key has "ecb:" (case insensitive). When decrypting however, CBC mode is only used by default if the given string starts with "*", even when the key has "cbc:" prefixed.