The author of Crypt::Blowfish changed the default key size to 8 (from 0) in
the latest version - and at the same time Crypt::CBC has logic that will
either use a value returned by Crypt::Blowfish (if it's more than 0) or
default to 56 bytes.

So, the server OpenSRS code (running Crypt::Blowfish 2.06) uses 56 bytes for
the key size and if the client side uses the 2.08 version, then it will now
use 8 bytes for the key -> the client won't authenticate. Of course, upgrading
our server to the new version won't help either since then the clients using
the older versions of Crypt::Blowfish won't work.

I wrote the author of Crypt::CBC about this; meanwhile, either use the 2.06
version for now or apply this patch against the 2.08 version of Blowfish.pm:

--- Blowfish.orig Tue Nov 13 01:19:45 2001
+++ Blowfish.pm Tue Nov 13 01:20:24 2001
@@ -31,7 +31,7 @@
sub blocksize { 8; } # /* byte my shiny metal.. */
-sub keysize { 8; } # /* we'll leave this at 8 .. for now. expect
change. */
+sub keysize { 0; } # /* we'll leave this at 8 .. for now. expect
change. */
sub min_keysize { 8; }
sub max_keysize { 56; }
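
Review bot: The trailing comment on the changed `keysize` line still reads "we'll leave this at 8" although the sub now returns 0, and that 0 is below the `min_keysize` of 8 in the context line that follows. Update the comment to say the 0 is deliberate, so that Crypt::CBC falls back to its 56-byte default and matches servers running 2.06; otherwise a later maintainer is likely to "correct" it back to 8.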

Regards,
Vlad

On Mon, 12 Nov 2001, Charles Daminato wrote:
> This just came out, turns out it doesn't (yet) work with our servers,
> which are running 2.06
>
> We'll be running some tests to determine if upgrading the server does not
> affect clients running older versions of Blowfish. In the interim, you
> can get the older working version here:
>
> http://cpan.valueclick.com/authors/id/D/DP/DPARIS/
>
> Charles Daminato
> TUCOWS Product Manager
> [EMAIL PROTECTED]
>
>
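
The mismatch described in the message, as an added Perl sketch (not code from the post, Crypt::CBC or Crypt::Blowfish). The `Model::*` packages, `effective_keysize`, `derive` and the MD5-based stretch are assumptions for illustration; only the `keysize` values (0 and 8) and the 56-byte fallback come from the message.

```perl
#!/usr/bin/perl
# Added illustration: a model of the key-size fallback described in the message.
use strict;
use warnings;
use Digest::MD5 qw(md5);

# Hypothetical stand-ins that report what each Crypt::Blowfish release
# returns from keysize() according to the message (2.06: 0, 2.08: 8).
{ package Model::Blowfish206; sub keysize { 0 } sub blocksize { 8 } }
{ package Model::Blowfish208; sub keysize { 8 } sub blocksize { 8 } }

# Fallback as described: use the cipher's value if it is more than 0,
# otherwise default to 56 bytes.
sub effective_keysize {
    my ($cipher) = @_;
    my $ks = $cipher->keysize;
    return $ks > 0 ? $ks : 56;
}

# Assumed derivation (illustration only): stretch the passphrase with MD5
# until there is enough material for key + IV, then split it.
sub derive {
    my ($cipher, $passphrase) = @_;
    my $ks = effective_keysize($cipher);
    my $bs = $cipher->blocksize;
    my $material = md5($passphrase);
    $material .= md5($material) while length($material) < $ks + $bs;
    return (substr($material, 0, $ks), substr($material, $ks, $bs));
}

my $secret = 'constructed-shared-secret';    # constructed sample value
my ($srv_key, $srv_iv) = derive('Model::Blowfish206', $secret);
my ($cli_key, $cli_iv) = derive('Model::Blowfish208', $secret);

printf "server (2.06): key %2d bytes, iv %s\n",
    length($srv_key), unpack('H*', $srv_iv);
printf "client (2.08): key %2d bytes, iv %s\n",
    length($cli_key), unpack('H*', $cli_iv);
print "keys ", ($srv_key eq $cli_key ? "match" : "differ"),
      ", ivs ", ($srv_iv eq $cli_iv ? "match" : "differ"), "\n";
```

With the same passphrase on both sides, the two ends end up with keys of different lengths, so nothing encrypted by one side decrypts on the other. That is why the client fails to authenticate until both ends report the same `keysize`.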