Jump to content

Recommended Posts

I am testing the DEC library and the AES algorithm (Rijndael).
To check the correctness of the result I use other sources of ciphertext. And I encountered a small problem.
I used two online generators and wrote a script in Python, but the results (ciphertext) has different length in each of them:

 

#devglan
#B623A479FC657E31F219287CD191075575B2FB56485D0C22E9168A2BF2289C7165CDA67586A486E14115C754ABA158A84A8C3B521E0DF87505D77649A8F1CB52A03D41E205849F28BCA2DE189A9C65CDB648DBC9F7D49AF2F1704B491E9E2DE6FC357ADC8E15733394C3C75B45570AE77A2A6CB6CC4418A558A78313C0C16478A7D61538B88B486BCAE89235D8FCEEB8

#domain tools
#B623A479FC657E31F219287CD191075575B2FB56485D0C22E9168A2BF2289C7165CDA67586A486E14115C754ABA158A84A8C3B521E0DF87505D77649A8F1CB52A03D41E205849F28BCA2DE189A9C65CDB648DBC9F7D49AF2F1704B491E9E2DE6FC357ADC8E15733394C3C75B45570AE77A2A6CB6CC4418A558A78313C0C16478

#python
#B623A479FC657E31F219287CD191075575B2FB56485D0C22E9168A2BF2289C7165CDA67586A486E14115C754ABA158A84A8C3B521E0DF87505D77649A8F1CB52A03D41E205849F28BCA2DE189A9C65CDB648DBC9F7D49AF2F1704B491E9E2DE6FC357ADC8E15733394C3C75B45570AE7

The common part agrees, but what are the extra bytes?

 

#devglan:

https://www.devglan.com/online-tools/aes-encryption-decryption

#domain tools:

http://aes.online-domain-tools.com/

 

Python script:

import pyaes, binascii
key = b'01234567012345670123456701234567'
plaintext = 'Some short description with looooooooong additional data like polish diacritical chars... łóżźćęół and digits 0123456789'
encrypter = pyaes.Encrypter(pyaes.AESModeOfOperationCBC(key))
ciphertext = encrypter.feed(plaintext.encode('utf-8'))
print('Encrypted:', binascii.hexlify(ciphertext).upper())

 

Initialization vector is set to 16 zeroes.

Share this post


Link to post

Would be interesting to check if the decrypting functions of each library is able to decrypt encrypted values generated by other libraries.

Share this post


Link to post
3 hours ago, Jacek Laskowski said:

I used two online generators and wrote a script in Python, but the results (ciphertext) has different length in each of them:

First lets see if we can find which one is right in length and which is wrong

012345670123456701234567012345670123456701234567012345670123456701234567012345670123456701234567012345670123456701234567012345670123456701234567012345670123456701234567012345670123456701234567012345670123456701234567012345670123456701234567012345670123456701234567012345670123456701234567
S o m e   s h o r t   d e s c r i p t i o n   w i t h   l o o o o o o o o o n g   a d d i t i o n a l   d a t a   l i k e   p o l i s h   d i a c r i t i c a l   c h a r s . . .   ł ó ż ź ć ę ó ł   a n d   d i g i t s   0 1 2 3 4 5 6 7 8 9
B623A479FC657E31F219287CD191075575B2FB56485D0C22E9168A2BF2289C7165CDA67586A486E14115C754ABA158A84A8C3B521E0DF87505D77649A8F1CB52A03D41E205849F28BCA2DE189A9C65CDB648DBC9F7D49AF2F1704B491E9E2DE6FC357ADC8E15733394C3C75B45570AE77A2A6CB6CC4418A558A78313C0C16478A7D61538B88B486BCAE89235D8FCEEB8
B623A479FC657E31F219287CD191075575B2FB56485D0C22E9168A2BF2289C7165CDA67586A486E14115C754ABA158A84A8C3B521E0DF87505D77649A8F1CB52A03D41E205849F28BCA2DE189A9C65CDB648DBC9F7D49AF2F1704B491E9E2DE6FC357ADC8E15733394C3C75B45570AE77A2A6CB6CC4418A558A78313C0C16478
B623A479FC657E31F219287CD191075575B2FB56485D0C22E9168A2BF2289C7165CDA67586A486E14115C754ABA158A84A8C3B521E0DF87505D77649A8F1CB52A03D41E205849F28BCA2DE189A9C65CDB648DBC9F7D49AF2F1704B491E9E2DE6FC357ADC8E15733394C3C75B45570AE7

As you can see the third one is shorter that the plaintext means its been truncated and data been lost, this is wrong and will not restore the data in full.

the second one is the right, the length is longer than the plaintext length but fit the block length for AES, this is right, but this will raise a question about what padding been used ?!!

the first one is the longer and does have one extra full block, should means a padding scheme been used for sure.

 

Now i explained what is going on with length, the question is this

What padding are you using? 

 

Also, googling pyaes, i landed here https://github.com/ricmoo/pyaes/blob/master/README.md and i would suggest that you read it carefully and try to understand the padding usage and its importance.

  • Thanks 1

Share this post


Link to post

Yes, you're right... it's about the padding. I didn't specify it explicitly and the default was used, hence there is a difference in the two libraries. Thanks!

Share this post


Link to post

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×