With all do respect, were talking *SYSTEMS INTEGRATION* here, and I've received a wealth of comments that clearly state this is the problem.
No amount of Blowfish documentaion is ever going to help anyone get blowfish "working" if some obscure proprietary hash is done on the provided key and then is mixed with some other proprietary bit bashing further downstream of Blowfish ....
In fact the entire reason that Blowfish was created was to provide a well documented, easy to implement, royalty free secure encryption algorithm to anybody that needed such. Blowfish is trivial and I don't recall *EVER* asking anyone to explain to me how Blowfish works. In fact I originally posted because my Blowfish code *PASSED THE BLOWFISH TEST VECTORS* that are provide by the author of Blowfish -- Thus pointing the finger squarely at a system software model problem. Again "Blowfish" is an completely ambiguious statement in terms of the systems persective, and it's the *SYSTEM* that we are trying to obtain a software model of not its pieces ......
Why is this such a difficult concept for people to comprehend?
On Tue, 22 Jul 2003 09:23:43 -0700 "Lynn W. Taylor" <[EMAIL PROTECTED]> wrote:
I hate coming off as an apologist, but.....
I suspect that the OpenSRS coding team is using off-the-shelf Perl modules and aside from saying "these are the modules that work" they have not done any development on encryption at all. They aren't doing anything different.
So the documentation on CBC and Blowfish and etc. belongs in the hands of those who wrote those modules. Tucows should point to that documentation.
In addition, we have a document that says that someone got this to work using one encryption library, and did an acceptable job of documenting what the various Perl "crypt" modules do. Presumably, the author implemented something...
We also have an Active-X component, that will take XML and handle the encryption and communication, or will build the XML and handle the transaction. I think he included source, and he's demonstrated it with OpenSSL.
For those of us who are not Unix types, I suspect using OpenSSL and the "closedsrs" Active-X source as documentation would be the easiest (next to just using the closedsrs component).
So, there are at least three implementations that work on Win32.
Yeah, doing a fourth implementation is probably some work. I suspect that most of the work is figuring out the right options for the encryption library, and how to feed it things like keys (i.e. as hex or binary) but that is just part of being a programmer.
-- Lynn
On Tue, 22 Jul 2003 10:29:01 +0200, Uroą?Gaber, PowerCom d.o.o. wrote:I totally agree with you.
There could be a "Random" IV specified i.e. (01234567890ABCDE - hex) for
and the hashes for the key and also the encrypted data.
Because it would be A LOT easier to do any implementation of the OpenSRS
API in other OSs or programming languages as PERL.
Hopefully someone at OpenSRS will agree with this and provide proper
documentation about the encryption "system" they use and provide this
trivial data to help people implement their API.
Because "hash the key and use the hash to encrypt data sent to OpenSRS"
in documentation doesn't mention anything about rehashing the hashed
key.
Uroš Gaber PowerCom d.o.o. Kersnikova 6, 1234 Mengeš, Slovenia P.E.: Slovenska 24, 1234 Mengeš, Slovenia Mobile: +386 (0)41 400-801 Phone office: +386 (0)1 723-01-62 Fax office: +386 (0)1 723-01-63 eMail: [EMAIL PROTECTED]
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
Behalf Of [EMAIL PROTECTED]
Sent: Monday, July 21, 2003 5:26 PM
To: [EMAIL PROTECTED]
Subject: Re: Question about a document
This is why I have *BEGGED* in the past for some test
vectors for each and every step of the encryption process.
Since there are so many steps / layers only a set of test
vectors will allow simple and quick debugging isolation of
ones code. And fact is such test vectors should only take
a few minute of work to provide .........
Interestingly when I've made the above request several
people suggested I was just a hacker trying to break into
other peoples accounts -- Which is a really silly and
ignorant viewpoint if you think about it, espicially when
I specifically asked for test vectors for a trivial key
.... So perhaps now OpenSRS, or others, would be more
willing to provide some test vectors as other people are
clearly interested in; native Windows operation, clear and
accurate docmentation, OS independent OpenSRS development
support, etc. ...
I suggest providing the test vectors for a trivial key such as,
012345678901234567890 ....... (hex)
or,
A5A5A5A5A5 ..... (hex)
for both DES and Blowfish since OpenSRS should never issue
such trivial keys.
Thank you.
On Mon, 21 Jul 2003 09:55:22 +0200 ?"Uroš Gaber, PowerCom d.o.o." <[EMAIL PROTECTED]> wrote:Hi!
Thank you all for the document. Got it from three sources now.
It's really useful, and I think that this should be documented in OpenSRS API documentation.
Never the less... I tried it with the encryption as the document has stated, and still no luck.
I've tried with different MD5 components, but it's all the same. I've tried with DES and Blowfish encryption. So if someone has any xperience with this, please let me know.
Again thank to all who supplied the document.
Have a nice day!
Uroš Gaber eMail: [EMAIL PROTECTED]
-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Sunday, July 20, 2003 11:07 PM To: [EMAIL PROTECTED] Subject: Re: Question about a document
Thank you Eric!
On Sun, 20 Jul 2003 14:12:48 -0400 ??"WebWiz" <[EMAIL PROTECTED]>?wrote:Or, better still...
I've posted it at http://www.atlcon.net/downloads/opensrs/
Regards, Eric Longman Atl-Connect Internet Services
----- Original Message ----- From: "Uros" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Sunday, July 20, 2003 2:56 AM Subject: Question about a document
?Hi!
?I've been browsing through the dev-list archives and I stumbled on a
URLfor?a "decipher.doc / .pdf" document, that is dead. ?If someone has this document, please email it to me.
?I'm trying to create a new client for the OpenSRS in delphi, and I
didn't ?find any other usefull information on the encryption /
decryption part of
?the API.
?Thank you!
?Uros Gaber
