ID: 8839 Updated by: derick Reported By: [EMAIL PROTECTED] Old-Status: Open Status: Assigned Bug Type: mcrypt related Assigned To: derick Comments: I'll take care of it as discussed with Colin and Sascha Previous Comments: --------------------------------------------------------------------------- [2001-01-22 10:08:13] [EMAIL PROTECTED] The way PHP encrypts using Blowfish doesn't seem to be compatible with the published "standard" test cases. I've mentioned this to the author of libmcrypt, and he fixed part of the problem (see the CVS verions of libmcrypt, or whatever comes after 2.4.8). This adds a "blowfish-compat" mode which solves some endianness issues. However, PHP still isn't compatible with Perl's Crypt::Blowfish, nor (I imagine) with any other software that uses Blowfish encryption. Also, the 2.2.x and 2.4.x functions in PHP, when passed the same parameters, don't generate the same encrypted strings. Here are links to three files: the test vectors from http://www.counterpane.com/vectors.txt, test scripts using 2.2.x functions and one using 2.4.x functions, with and without long key handling. http://devel.easydns.com/~cmv/ All scripts generate some different results than the test vectors. The closest to getting them all right, is the 2.4.x script that emulates Perl keys. However, it still gives the "wrong" answer for one test case. - Colin --------------------------------------------------------------------------- Full Bug description available at: http://bugs.php.net/?id=8839 -- PHP Development Mailing List <http://www.php.net/> To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]