On Tue, 20 Oct 2009, Mindaugas Kavaliauskas wrote: Hi,
> > + added PRG functions for BlowFish encryption: > > hb_blowfishKey( <cPass> ) -> <bfKey> > > hb_blowfishEncrypt( <bfKey>, <cData> ) -> <cCryptedData> > http://www.schneier.com/blowfish.html says: "It takes a > variable-length key, from 32 bits to 448 bits ..." > Is cPass parameter a key? Or key is computed using this password? <cPass> is the key from above description which is transformed to <bfKey> used in encryption/decryption algorithm by hb_blowfishInit() function. > If cPass is a key, what will happen if it is shorter than 32 bit? I haven't analyzed it mathematically but probably in such case it's a big risk to chose week key. Technically you can use any non empty string as cPass. Bytes from cPass are used cyclically to create 32bit values used to xor keys in p-array. The implementation I committed does not follow the original BlowFish description but rather reference implementations which instead of xoring keys from 1 to 14 xors all 18 keys. It means that insted of 448 bits upto 576 bits from passsed cPass is used. best regards, Przemek _______________________________________________ Harbour mailing list Harbour@harbour-project.org http://lists.harbour-project.org/mailman/listinfo/harbour