Blowfish_expand0state invocation order

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

Blowfish_expand0state invocation order

Delan Azabani
While trying to implement bcrypt based on the USENIX 99 paper alone, a
tiny difference between the paper and src/lib/libc/crypt/bcrypt.c left
me scratching my head until I finally gave in and had a peek.

Since it was first checked in, bcrypt.c has passed the key to the odd
Blowfish_expand0state invocations and the salt to the even, as do all
other bcrypt implementations I could find, while the paper disagrees:

> EksBlowfishSetup (cost, salt, key)
> state ← InitState ()
> state ← ExpandKey (state, salt, key)
> repeat (2 ^ cost)
>> state ← ExpandKey (state, 0, salt)
>> state ← ExpandKey (state, 0, key)
> return state

> Thereafter, ExpandKey is alternately called with the salt and then
> key for (2 ^ cost) iterations.

I have a couple of questions.

Are there any interesting reasons behind this difference (aside from
a simple mistake in either the implementation or the paper)?

Does the difference in order have any cryptanalytic implications (it
would surprise me if there were, but I’m not really a cryptographer)?

Reply | Threaded
Open this post in threaded view
|

Re: Blowfish_expand0state invocation order

Ted Unangst-6
Delan Azabani wrote:
> Are there any interesting reasons behind this difference (aside from
> a simple mistake in either the implementation or the paper)?
>
> Does the difference in order have any cryptanalytic implications (it
> would surprise me if there were, but I’m not really a cryptographer)?

A simple mistake not easily corrected, but of no consequence.

Reply | Threaded
Open this post in threaded view
|

Re: Blowfish_expand0state invocation order

Delan Azabani
At 06:40, Ted Unangst <[hidden email]> wrote:
> A simple mistake not easily corrected, but of no consequence.

Thanks — this is what I was hoping would be the case.