5

This is probably a stupid question, but I cannot figure it out. Currently, I am using this website: http://www.fyneworks.com/encryption/rc4-encryption/ to encrypt with RC4 for a proof of concept. For instance, I am entering 'a' as the cleartext and 'a' as the password, and I get '71' as the ciphertext (this is the ASCII representation of 'q'). I wanted to do the same from the command line, using openssl:

> echo a | openssl rc4 -nosalt  -out /tmp/uuu 
enter rc4 encryption password:
Verifying - enter rc4 encryption password:

> cat /tmp/uuu | xxd
0000000: 5896                                     X.

So we are getting '5896' instead of '71' and this is what I don't understand. If someone could explain to me, I'd be grateful.

Thank you!

skaffman
I am ttt
  • `echo` appends a newline, by default, so the string you're encrypting is actually "a\n". Try using `echo -n` instead, which will omit the trailing newline. Unfortunately, running "a\n" through the online tool produces 71B6. – daxelrod Dec 02 '11 at 02:30
  • Perhaps the problem is with encoding the key. – Will Bickford Dec 02 '11 at 03:44
  • @daxelrod: indeed, since it's a stream cipher, adding trailing characters to the plaintext won't change the value of the first ciphered byte. You can also pass the key in the command line, with the -pass pass:a value, it doesn't change the result. – I am ttt Dec 02 '11 at 10:14

2 Answers

6

Thanks to a friend, we figured out what was wrong. He told me to print the key:

echo -ne "a" |  openssl  rc4 -pass pass:a -e  -nopad    -nosalt -p
key=0CC175B9C0F1B6A831C399E269772661

We see that there is some padding added, with the 0x61 we entered at the end. It turns out openssl generates a key from the pass.

Instead, if we enter directly the key with the -K option:

echo -ne "a" |  openssl  rc4 -K 61 -e  -nopad    -nosalt -p
key=61000000000000000000000000000000

We see that there is padding with '0's. Actually, it doesn't want us to use too small a key (since for rc4 the key must be at least 40 bits long). Now, let's try with a 128-bit key:

echo -ne "foobar" |  openssl  rc4 -K "6162636465666768696A6B6C6D6E6F70" -e  -nopad    -nosalt  | xxd
0000000: caaf 2cbf d334                           ..,..4

The result is the same as the one on the webpage :)

I am ttt
  • Hi, can we use the password instead of K and get the same result as in the webpage ? – AKS Jan 05 '18 at 10:50
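
An added example (not code from the question or either answer) that puts the three key interpretations seen in this thread side by side: the password bytes used directly as the RC4 key, the key derived from `-pass`, and the zero-padded `-K` key. The function names are hypothetical; the unsalted single-pass MD5 derivation is an assumption that matches the `key=` value printed by `-p` above (OpenSSL 1.1.0 and later default to SHA-256 unless `-md md5` is given).

```python
import hashlib

def rc4(key: bytes, data: bytes) -> bytes:
    """Textbook RC4: key scheduling (KSA), then keystream XOR (PRGA)."""
    s = list(range(256))
    j = 0
    for i in range(256):                  # KSA: key bytes are reused cyclically
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for byte in data:                     # PRGA: one keystream byte per input byte
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) % 256])
    return bytes(out)

def key_from_password(password: bytes, key_len: int = 16) -> bytes:
    """-pass style (assumed): unsalted, one-iteration MD5 chaining (EVP_BytesToKey)."""
    derived, block = b"", b""
    while len(derived) < key_len:
        block = hashlib.md5(block + password).digest()
        derived += block
    return derived[:key_len]

def key_from_hex(hex_key: str, key_len: int = 16) -> bytes:
    """-K style: raw hex key, right-padded with zero bytes as -p shows above."""
    return bytes.fromhex(hex_key).ljust(key_len, b"\x00")

def candidates(secret: bytes, plaintext: bytes) -> dict:
    """Encrypt the same plaintext under each interpretation of the secret."""
    return {
        "raw password as key": rc4(secret, plaintext),
        "-pass (MD5-derived key)": rc4(key_from_password(secret), plaintext),
        "-K (zero-padded key)": rc4(key_from_hex(secret.hex()), plaintext),
    }

if __name__ == "__main__":
    print("derived key:", key_from_password(b"a").hex().upper())
    for label, ct in candidates(b"a", b"a\n").items():
        print(f"{label:26} {ct.hex()}")
    # Full 128-bit key from the answer: no padding or derivation is involved.
    full_key = key_from_hex("6162636465666768696A6B6C6D6E6F70")
    print("128-bit -K key:", rc4(full_key, b"foobar").hex())
```

Getting the password-based command to agree with a tool that uses the password bytes directly means handing those exact bytes to `-K` at full key length, as the 128-bit example in the answer does.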
0

Work-in-progress

Here's an interesting pattern for you. Using '0' as the encryption key we get some strong trends between the plaintext and the ciphertext. See below.

What interests me about the difference between the two implementations is that fyne increases monotonically while OpenSSL is a bit of a stair-step. I'll take another look at it later - I'm marking this a community wiki since I don't consider this an answer yet but I figured the analysis might help.

fyne:

0(0) = B8
0(1) = B9
0(2) = BA
0(3) = BB
0(4) = BC
0(5) = BD
0(6) = BE
0(7) = BF
0(8) = B0
0(9) = B1

OpenSSL:

0(0) = 72
0(1) = 73
0(2) = 70
0(3) = 71
0(4) = 76
0(5) = 77
0(6) = 74
0(7) = 75
0(8) = 7A
0(9) = 7B

Commands Used

echo -n N > /tmp/test  # where N is a number
openssl rc4 -e -nosalt -in /tmp/test -out /tmp/uuu
cat /tmp/uuu |xxd
Will Bickford