You are probably running into this problem:

https://github.com/ruby/openssl/issues/73

On Wed, Nov 30, 2016 at 1:19 PM, Pedro Ribeiro <pedrib / gmail.com> wrote:

> Hi,
>
> I'm trying to understand why there is a difference between Ruby and
> Python when using Blowfish encryption in ECB mode. Using the same
> algorithm parameters, and the same input, the encrypted output is
> completely different.
>
> Behold these two code samples:
>
> RUBY==================
> require 'digest'
> require 'openssl'
>
> cleartext = 'whatevs'
>
> md5 = Digest::MD5.new
> md5.update(cleartext)
>
> payload = (md5.digest + cleartext).ljust(0x80, "\x00")
>
> puts "plaintext: " + payload.unpack('H*')[0]
>
> secret_key = "supersecretsupersecret"
>
> cipher = OpenSSL::Cipher::Cipher.new("bf-ecb").send :encrypt
> cipher.key = secret_key
> cipher.padding = 0
> binary_data = (cipher.update(payload) << cipher.final)
>
> puts "ciphertext: " + binary_data.unpack('H*')[0]
>
> cipher = OpenSSL::Cipher::Cipher.new("bf-ecb").send :decrypt
> cipher.key = secret_key
> cipher.padding = 0
> str = (cipher.update(binary_data) << cipher.final)
>
> puts "decrypted: " + str.unpack('H*')[0]
> RUBY==================
>
>
> PYTHON================
> from Crypto.Cipher import Blowfish
> from Crypto.Hash import MD5
> import binascii
>
> cleartext = 'whatevs'
> md5_key = MD5.new(cleartext).digest()
> payload = (md5_key + cleartext).ljust(0x80, "\x00")
> print "plaintext: " + binascii.hexlify(payload)
> secret_key = "supersecretsupersecret"
>
> ciphertext = Blowfish.new(secret_key, Blowfish.MODE_ECB).encrypt(payload)
>
> print "ciphertext: " + binascii.hexlify(ciphertext)
>
> print "decrypted: " + binascii.hexlify(Blowfish.new(secret_key,
> 1).decrypt(ciphertext))
> PYTHON================
>
>
> Running these, I get the following:
> ~ > ruby /tmp/test.rb
> plaintext:
> 030fa889aa00fc6554023a9aad8c9ca17768617465767300000000000000
> 000000000000000000000000000000000000000000000000000000000000
> 000000000000000000000000000000000000000000000000000000000000
> 000000000000000000000000000000000000000000000000000000000000
> 0000000000000000
> ciphertext:
> e7fd839dbc4762226b1086170e8227c2e2e4c54ee4f51fbd2e4bd6de84ea
> fc452e4bd6de84eafc452e4bd6de84eafc452e4bd6de84eafc452e4bd6de
> 84eafc452e4bd6de84eafc452e4bd6de84eafc452e4bd6de84eafc452e4b
> d6de84eafc452e4bd6de84eafc452e4bd6de84eafc452e4bd6de84eafc45
> 2e4bd6de84eafc45
> decrypted:
> 030fa889aa00fc6554023a9aad8c9ca17768617465767300000000000000
> 000000000000000000000000000000000000000000000000000000000000
> 000000000000000000000000000000000000000000000000000000000000
> 000000000000000000000000000000000000000000000000000000000000
> 0000000000000000
>
>
> ~ > python /tmp/test.py
> plaintext:
> 030fa889aa00fc6554023a9aad8c9ca17768617465767300000000000000
> 000000000000000000000000000000000000000000000000000000000000
> 000000000000000000000000000000000000000000000000000000000000
> 000000000000000000000000000000000000000000000000000000000000
> 0000000000000000
> ciphertext:
> 992f5dad8650fb447416693d8d1f07e869c63d8798234e933bb878160d77
> 5aee3bb878160d775aee3bb878160d775aee3bb878160d775aee3bb87816
> 0d775aee3bb878160d775aee3bb878160d775aee3bb878160d775aee3bb8
> 78160d775aee3bb878160d775aee3bb878160d775aee3bb878160d775aee
> 3bb878160d775aee
> decrypted:
> 030fa889aa00fc6554023a9aad8c9ca17768617465767300000000000000
> 000000000000000000000000000000000000000000000000000000000000
> 000000000000000000000000000000000000000000000000000000000000
> 000000000000000000000000000000000000000000000000000000000000
> 0000000000000000
>
>
> As you can see, the plaintext and decrypted ciphertext are the same, but
> the ciphertexts are different.
>
> Why is this happening? This is a major pain as it means I cannot interop
> with Python. There are other gems for Blowfish encryption, but none of
> them have ECB mode (which is the one I'm interested in - and yes, before
> you say it, I know ECB is insecure).
>
> Am I doing something wrong? Or is this a deeper problem in Python or Ruby?
>
> Regards,
> Pedro
>
> Unsubscribe: <mailto:ruby-talk-request / ruby-lang.org?subject=unsubscribe>
> <http://lists.ruby-lang.org/cgi-bin/mailman/options/ruby-talk>
>



-- 
Tony Arcieri
(supressed text/html)
Unsubscribe: <mailto:ruby-talk-request / ruby-lang.org?subject=unsubscribe>
<http://lists.ruby-lang.org/cgi-bin/mailman/options/ruby-talk>