[Konversation-devel] [Bug 197769] New: Padding for blowfish encrytion is not done correctly

[lubyou]

https://bugs.kde.org/show_bug.cgi?id=197769

           Summary: Padding for blowfish encrytion is not done correctly
           Product: konversation
           Version: unspecified
          Platform: Ubuntu Packages
        OS/Version: Linux
            Status: UNCONFIRMED
          Severity: normal
          Priority: NOR
         Component: general
        AssignedTo: konversation-devel at kde.org
        ReportedBy: lgoodboi at gmail.com


Version:            (using KDE 4.2.90)
OS:                Linux
Installed from:    Ubuntu Packages

Blowfish requires strings to be a multiple of eight. While this is done in
konversation, the padding is not done correctly. 

QByteArray::resize is used to resize the array to a length which is multiple of
eight, but it is padded with random values ("(..) byte array is extended to
make it size bytes with the extra bytes added to the end. The new bytes are
uninitialized.")

This leads to different encrypted strings for the same plain text in ECB mode
and it also makes it impossible for implementations from other clients to know
where the plain text string actually ends.

Padding should be done with \0, which is what the other implementations i have
looked at do.

-- 
Configure bugmail: https://bugs.kde.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.