问题
I am writing code to encrypt the passwords and match encypted password to check if the passwords are weak. I have written encryption code using ECB mode API and it is not working as expected. There are few of the questions I am coming to while debugging my code. The only option I see, I can use is BF_ecb_encrypt.
1) ecb mode works on 8bytes at a time. What if my password has less than 8 characters? should it be padded randomly generated char? or with Zero's? Will it work this way? or any other possible way
2) Snippet:
BF_set_key(bfKey, strlen(achSalt), achSalt);
String strBuf;
while (len >= 8)
{
BF_ecb_encrypt(inStr,buf, bfKey, BF_ENCRYPT);
len -= 8;
inStr += 8;
strBuf += String(reinterpret_cast<const char*>(buf));
buf +=8;
}
Is there any bug in the code?
Thanks for help in advance.
回答1:
Where you say:
1) ecb mode works on 8bytes at a time. What if my password has less than 8 characters?
why not just set the minimum length to 8 characters for "security" reasons. people often have a password longer than 8 characters because if its longer and more complex, when encrypted its harder to crack.
来源:https://stackoverflow.com/questions/6980431/using-openssl-blowfish-encryption-algorithm-in-c