cipherids = (password % NUM_CIPHERS); // choose one of 18 ciphers
8<
The following are the ciphers:
"aes","blowfish","xtea","rc5","rc6","saferp","twofish","safer_k64","safer_sk64","safer_k128",
"safer_sk128","rc2","des3","cast5","noekeon","skipjack","khazad","anubis","rijndael"
But why?
Why not just AES? And do you realize how much RC2 sucks, and SAFER-(S)K64 has 64 bit key size?
does having different ciphers hurt? it allows short (user rememberable passwords to "salt" things)
unless any of these ciphers have been cracked, using them means that all the ciphers would need to be cracked.
using just AES means if AES is cracked then all the files are cracked.
so is having a sucky RC2 and a weak 64 bit layer in addition to AES worse than just AES?
cipherids = (password % NUM_CIPHERS);
cipherids and
password are not used inside the loop, who knows what it's supposed to do.
And how do you calculate modulus of
char*?
password does not change, so
cipherids is the same, too.
What are you doing, encrypting the same plaintext 18 times with different ciphers?
Besides bloating the code, it would be over 100 times slower than just using AES (+AES-NI), and think if someone wants to reimplement this part of the code using Haskell or something
i simplified the code before posting:
(*cipheridsp)[i]= (password[i] % NUM_CIPHERS);
it uses the ascii char val to choose the cipher to use. so if you have a 4 char pin code, this will map to using 4 of the ciphers. I apply it iteratively to the output of the previous cipher.
not sure how even 18 times becomes over 100 times slower, maybe AES is 10 times faster? if you like AES just use a one char pin code that maps to AES. it is up to the user. anyway the code is already done and it didnt bloat things that much.
James
here is the inner loop that applies the ciphers:
for (j=0; j {
i = (decrypt != 0) ? (n-1-j) : j;
cipher_idx = (cipherids[i] % NUM_CIPHERS);
ivsize = cipher_descriptor[cipher_idx].block_length;
ks = (int32_t)hash_descriptor[hash_idx].hashsize;
if ( cipher_descriptor[cipher_idx].keysize(&ks) != CRYPT_OK )
{
printf("ciphers_codec: Invalid keysize???\n");
return(0);
}
outlen = sizeof(key);
if ( (errno= hash_memory(hash_idx,(uint8_t *)privkeys[i],strlen(privkeys[i]),key,&outlen)) != CRYPT_OK )
{
printf("ciphers_codec: Error hashing key: %s\n",error_to_string(errno));
return(0);
}
origlen = len;
if ( decrypt != 0 )
ptr = decrypt_cipher(cipher_idx,key,ks,(int32_t)ivsize,data,&len);
else
ptr = encrypt_cipher(cipher_idx,key,ks,(int32_t)ivsize,data,&len);
}
if ( tmpptr != 0 )
free(tmpptr);
tmpptr = data = ptr;
}
Is that what we need for BBR?
