From owner-freebsd-questions@FreeBSD.ORG Wed May 20 09:53:55 2009 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id BAC4E106564A for ; Wed, 20 May 2009 09:53:55 +0000 (UTC) (envelope-from freebsd-questions@m.gmane.org) Received: from ciao.gmane.org (main.gmane.org [80.91.229.2]) by mx1.freebsd.org (Postfix) with ESMTP id 44CD98FC1A for ; Wed, 20 May 2009 09:53:54 +0000 (UTC) (envelope-from freebsd-questions@m.gmane.org) Received: from list by ciao.gmane.org with local (Exim 4.43) id 1M6iUj-00044q-5s for freebsd-questions@freebsd.org; Wed, 20 May 2009 09:53:53 +0000 Received: from lara.cc.fer.hr ([161.53.72.113]) by main.gmane.org with esmtp (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Wed, 20 May 2009 09:53:53 +0000 Received: from ivoras by lara.cc.fer.hr with local (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Wed, 20 May 2009 09:53:53 +0000 X-Injected-Via-Gmane: http://gmane.org/ To: freebsd-questions@freebsd.org From: Ivan Voras Date: Wed, 20 May 2009 11:53:21 +0200 Lines: 48 Message-ID: References: <26face530905191810m2405b09av453f43049ed83345@mail.gmail.com> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="------------enigC795F245F3B863AD8807BBCE" X-Complaints-To: usenet@ger.gmane.org X-Gmane-NNTP-Posting-Host: lara.cc.fer.hr User-Agent: Thunderbird 2.0.0.21 (X11/20090409) In-Reply-To: <26face530905191810m2405b09av453f43049ed83345@mail.gmail.com> X-Enigmail-Version: 0.95.7 Sender: news Subject: Re: Blowfish encryption key length X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 20 May 2009 09:53:56 -0000 This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --------------enigC795F245F3B863AD8807BBCE Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Kelly Jones wrote: > I want to use a random Blowfish key to encrypt files, so I did this: >=20 > dd if=3D/dev/random of=3Dmykey.bf count=3D100 bs=3D100 >=20 > to create a 10K byte mykey.bf file. I can now encrypt foo.txt by doing:= >=20 > openssl enc -bf -pass file:mykey.bf -in foo.txt > foo.txt.encrypted >=20 > However, "man enc" says "Blowfish and RC5 algorithms use a 128 bit key.= " >=20 > Does this mean mykey.bf could've been just 16 bytes (128 bits) long? Yes. > Or am I misunderstanding the word "key" here? That's how block ciphers work, nothing special here. Keys must be of the size(s) supported by the algorithm. If you read the openssl manual more closely, it says it expects the password file to be a text file, containing lines of text, and the first line will be used for encrypting. It will most likely hash the password thus retrieved into a suitable key for the cipher. --------------enigC795F245F3B863AD8807BBCE Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkoT0x0ACgkQldnAQVacBciGcwCg8AeDLuJC338MoZZGIoOUcRLp O8IAn3m6Sjt1VzTYuddjIcSijZXjvmYE =PzTl -----END PGP SIGNATURE----- --------------enigC795F245F3B863AD8807BBCE--