Comments (1)
A continuation of the issue of using a different key than written to disk is a rare edge case where the password itself begins with a case-insensitive version of the string "cbc:".
The key is correctly written to disk, but is incorrectly reported by FiSH_GetKey10 and is incorrectly used when encrypting the message. I only discovered this from testing a script that would create random text strings to be used as passwords. I already knew that the current system prevents an ECB key from beginning with the 'cbc:' string, but I wanted to see what would happen if the string following the cbc: also happened to begin with "cbc:".
Because the syntax assumes that the input string beginning with cbc: always means that's a flag that the following string should be used in CBC mode, the ECB key cannot begin with case-insensitive CBC:, and the first 4 letters of the actual key are stripped from the display by FiSH_GetKey10, and is also excluded from being part of the actual key used to encrypt the message.
This table shows 3 strings for each row:
#1: the input string given to FiSH_WriteKey10
#2: the string actually written to disk by FiSH_WriteKey10
#2: the string displayed by FiSH_GetKey10
#3: the string actually used as the encryption key in CBC mode:
#1 #2 #3 #4
CBC:test test cbc:test test
cbc:CbC:test CbC:test cbc:test test
cbc:CbC:Cbc:test CbC:Cbc:test cbc:Cbc:test Cbc:test
cbc:CbC: cbc: cbc: NOT ENCRYPTED
A work-around could be to check if the input string begins with case-insensitive "cbc:cbc:", then it would insert a bogus cbc: in front of it in order to have the correct key actually being used. However that would not solve the issue where FiSH_GetKey10 displays the key incorrectly, and it would risk running afoul of the length 56 limit should FiSH_WriteKey10 start enforcing the limit against CBC keys according to the enforce_max_key_length setting.
from mirc_fish_10.
Related Issues (20)
- OpenSSL 1.1.1d HOT 2
- mIRC has Blowfish. This script needs modernization. HOT 1
- mIRC 7.53 - outgoing chat is displayed twice HOT 8
- curious HOT 1
- Mirc 7.56 - FiSH will no longer load HOT 16
- 1 out of every 128 DH1080 handshakes fails HOT 9
- FiSH for Mirc is a dead project
- How to compile with visual studio
- Long delay creating DH key pair HOT 5
- fish_inject.dll causing issues with anti-vira software HOT 3
- ERROR: key length exceeds limit of 56 bytes. HOT 1
- Fish on Mirc v7.59 ERROR!!! HOT 1
- PRIVMSG / CPRIVMSG ?! HOT 7
- openssl-1.1.1h HOT 1
- IRCv3 support HOT 2
- decode_utf8 bug in FiSH_WriteKey10 HOT 1
- ECB and CBC modes shouldn't support decrypting each other's messages HOT 1
- DLL export procedures for encrypting and decrypting messages aren't handling spaces properly
- OpenSSL v3: fish_inject.dll won't load in today's beta version HOT 4
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from mirc_fish_10.