Encrypted line changes on each run.

Werner Koch wk at gnupg.org
Fri Aug 1 09:14:28 CEST 2008


On Thu, 31 Jul 2008 22:51, mashrom.head at gmail.com said:
> I wrote a small application to understand ARCFOUR use.

Just a few comments on the code:

>     plain_text = ( char * ) malloc ( size_of_plain_text );
>     out = ( char * ) malloc ( size_of_buffers );
>     deout = ( char * ) malloc ( size_of_buffers );

Please don't cast the result of a malloc; for ages malloc has returned a
void pointer, which was introduced to get rid of such casts.  Note
that C and C++ are different languages.

>     //Just null all
>
>     for ( i = 0 ;i < size_of_buffers; i++ )
>     {
>         out[i] = '0';
>         deout[i] = '0';
>     }

  memset (out, 0, size_of_buffers);
  memset (deout, 0, size_of_buffers);

is easier to understand.

>         err = gcry_cipher_open ( &handle2,
> GCRY_CIPHER_ARCFOUR,GCRY_CIPHER_MODE_STREAM,0 );
>         err = gcry_cipher_open ( &handle,
> GCRY_CIPHER_ARCFOUR,GCRY_CIPHER_MODE_STREAM,0 );
>
>         if ( err )

That is a severe bug - you won't catch an error from handle2.  Fix is:

          err = gcry_cipher_open ( &handle2, GCRY_CIPHER_ARCFOUR,
                                   GCRY_CIPHER_MODE_STREAM, 0 );
          if (!err)
            err = gcry_cipher_open ( &handle, GCRY_CIPHER_ARCFOUR,
                                     GCRY_CIPHER_MODE_STREAM, 0 );
          if (err)                                     
           {
              ....

>         err = gcry_cipher_setkey ( handle  , key ,256 );
>         err = gcry_cipher_setkey ( handle2 , key,256 );

Same here.

>     write2 ( "/tmp/encrypt",out,size_of_buffers );
>     for ( i = 0 ;i < size_of_buffers; i++ )
>         out[i] = '0';

Use memset for clarity.

>     read2 ( "/tmp/encrypt",out,size_of_buffers );
>     err =  gcry_cipher_encrypt ( handle2,
>                                  ( unsigned char * ) deout,
> size_of_buffers, ( const unsigned char * ) out,size_of_buffers );

I guess you wanted to use gcry_cipher_decrypt.

And again: Do not use Arcfour if you do not understand all the subtle
gotchas to use Arcfour in a secure way.


Shalom-Salam,

   Werner


-- 
Thoughts are free.  Exceptions are regulated by a federal law.