Blowfish Cipher Tutorials - Herong's Tutorial Examples - v2.03, by Herong Yang
Salted Key Generation Algorithm
A tutorial example is provided to confirm the Salted Key generation algorithm used by the OpenSSL 'enc -bf-ecb' command. The algorithm applies the MD5 hash function repeatedly to the given passphrase and the given salt to populate the secret key and the IV.
In the previous tutorial, we confirmed that the OpenSSL "enc -bf-ecb" command derives a secret key and an IV if you specify a passphrase and a salt. But OpenSSL does not tell us what algorithm is used to derive the secret key and the IV.
By reading the documentation of other cryptography tools, I am guessing that OpenSSL is using the following Salted Key generation algorithm to generate the secret key and IV:
    Input:
       Passphrase: The passphrase of any size
       Salt: The salt of 8 bytes

    Output:
       Key: The secret key of 16 bytes (128 bits)
       IV: The IV of 8 bytes (64 bits)

    Algorithm - Salted Key Generation:
       Buffer = empty                  : Open a buffer to collect hash
       Raw = Passphrase . Salt         : Initialize a raw byte array
       Hash = MD5(Raw)                 : Generate MD5 hash of 16 bytes
       Buffer = Buffer . Hash          : Append to the buffer to 16 bytes
       Raw = Hash . Passphrase . Salt
       Hash = MD5(Raw)                 : Generate MD5 hash of 16 bytes
       Buffer = Buffer . Hash          : Append to the buffer to 32 bytes
       (Key, IV) = Buffer              : Split buffer to become secret key and IV
We can actually use the OpenSSL "dgst -md5" command to simulate this algorithm. If the simulation result matches the secret key and IV we see from the "enc -bf-ecb" command, we know that OpenSSL is using the above algorithm.
    C:\herong>del buffer.txt
    C:\herong>del raw.txt

    C:\herong>perl -e "print 'MySecret'" >> raw.txt
    C:\herong> \
       perl -e "binmode(STDOUT); print pack('H*', '0000000000000000')" \
       >> raw.txt
    C:\herong>\local\gnuwin32\bin\openssl dgst -md5 -binary \
       -out hash.txt raw.txt
    C:\herong>perl -e "while (read(STDIN,$_,1)){print $_;}" < hash.txt \
       >> buffer.txt

    C:\herong>copy hash.txt raw.txt
    C:\herong>perl -e "print 'MySecret'" >> raw.txt
    C:\herong> \
       perl -e "binmode(STDOUT); print pack('H*', '0000000000000000')" \
       >> raw.txt
    C:\herong>\local\gnuwin32\bin\openssl dgst -md5 -binary \
       -out hash.txt raw.txt
    C:\herong>perl -e "while (read(STDIN,$_,1)){print $_;}" < hash.txt \
       >> buffer.txt

    C:\herong>perl -e "while (read(STDIN,$_,1)){print unpack('H*',$_);}" \
       < buffer.txt
    0b90d83d1a281a744f4f340911d8e0a6 6ff60fcd91d7f34e 4f54a143b17934a9
    --------------------------------|----------------|----------------
                          Secret Key               IV         not used
Now compare the secret key and the IV with those derived from the OpenSSL "enc -bf-ecb" command:
    C:\herong>C:\local\gnuwin32\bin\openssl enc -bf-ecb -e \
       -pass pass:MySecret -S 0000000000000000 -in 0000000000000000.txt \
       -out cipher.txt -nopad -p
    salt=0000000000000000
    key=0B90D83D1A281A744F4F340911D8E0A6
    iv =6FF60FCD91D7F34E
Cool, we have a perfect match! The Salted Key generation algorithm described above is confirmed to be the algorithm used by the OpenSSL "enc -bf-ecb" command.
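The same derivation as an added Python example (not code from the original tutorial): it generalizes the two-round procedure above to any key and IV length and checks the result against the "-p" output shown on this page. The function names and the selectable `digest` parameter are assumptions of this example; the digest is a parameter because OpenSSL 1.1.0 and later default "enc" to SHA-256 instead of MD5, so the same passphrase and salt produce a different key there.

```python
import hashlib


def derive_key_iv(passphrase, salt, key_len=16, iv_len=8, digest="md5"):
    """Hash = H(previous Hash . Passphrase . Salt), repeated until the
    buffer holds key_len + iv_len bytes; surplus bytes are discarded."""
    if len(salt) != 8:
        raise ValueError("salt must be exactly 8 bytes")
    buffer, block = b"", b""
    while len(buffer) < key_len + iv_len:
        # First round hashes Passphrase . Salt; later rounds prepend the last hash.
        block = hashlib.new(digest, block + passphrase + salt).digest()
        buffer += block
    return buffer[:key_len], buffer[key_len:key_len + iv_len]


def parse_p_output(text):
    """Parse the 'salt=', 'key=' and 'iv =' lines printed by 'openssl enc -p'."""
    fields = {}
    for line in text.splitlines():
        name, sep, value = line.partition("=")
        if sep and name.strip() in ("salt", "key", "iv"):
            fields[name.strip()] = bytes.fromhex(value.strip())
    return fields


def matches_openssl(passphrase, p_output, digest="md5"):
    """True if the derivation reproduces the key and IV that OpenSSL printed."""
    shown = parse_p_output(p_output)
    key, iv = derive_key_iv(passphrase, shown["salt"],
                            len(shown["key"]), len(shown["iv"]), digest)
    return key == shown["key"] and iv == shown["iv"]


# The "-p" output shown on this page for the passphrase 'MySecret'.
PAGE_OUTPUT = """salt=0000000000000000
key=0B90D83D1A281A744F4F340911D8E0A6
iv =6FF60FCD91D7F34E
"""

if __name__ == "__main__":
    key, iv = derive_key_iv(b"MySecret", bytes(8))
    print("key=" + key.hex().upper())
    print("iv =" + iv.hex().upper())
    print("matches MD5 derivation:    ", matches_openssl(b"MySecret", PAGE_OUTPUT))
    print("matches SHA-256 derivation:",
          matches_openssl(b"MySecret", PAGE_OUTPUT, digest="sha256"))
```

Each 16 bytes of key material costs a single MD5 call with no iteration count, so the strength of the derived key rests entirely on the passphrase.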