Home | Contact Us | FAQ | Search & Site Map | Link to Us
Sign In | Join | Other 45 Sites in Network
HomeAnnouncementsWhite Papers
Discussion GroupsFirst AidDatabasesJavaBeansGUIJava 3DVirtual MachineCORBASecurityToolsGeneral
Java DirectoryOpen Source ProjectsSample Book ChaptersUser GroupsWeb Resources
Related Topics
Databases.NETMore Topics ...
Java Forum / Security / October 2003

Tip: Looking for answers? Try searching our database.

Twofish: C versus Java

Thread view: 
Enable EMail AlertsStart New Thread
Rick Hale - 30 Oct 2003 00:13 GMT
Hi:

I've been tasked with coming up with a Java implementation of Twofish. We've
been using the optimized C version of Twofish. I've downloaded the Cryptix
Java version and it encrypts and decrypts fine (with itself). However, the
encrypted output is different between the C and Java versions. Attempting to
decrypt something encrypted with the Java version using the C version
produces garbage. We need to be able to encrypt/decrypt bidirectionally
between the two implementations.

I'm definitely not a cryptology expert and prefer not trying to completely
reimplement the C into Java.

Has anyone else run into this issue?

Thanks,
Rick
Reply to this Message
Roedy Green - 30 Oct 2003 00:19 GMT
>I'm definitely not a cryptology expert and prefer not trying to completely
>reimplement the C into Java.

the things to look for are places where:

1. endianness matters.
2. that fact that bytes are signed matters.

Perhaps the solution is to see if someone else has a Java twofish
implementation.

--
Canadian Mind Products, Roedy Green.
Coaching, problem solving, economical contract programming.
See http://mindprod.com/jgloss/jgloss.html for The Java Glossary.
Reply to this Message
Michael Amling - 30 Oct 2003 03:32 GMT
> I've been tasked with coming up with a Java implementation of Twofish. We've
> been using the optimized C version of Twofish. I've downloaded the Cryptix
[quoted text clipped - 6 lines]
> I'm definitely not a cryptology expert and prefer not trying to completely
> reimplement the C into Java.

  Are you testing using ECB mode?
  To check for endian issues, use endian-independent key and plaintext,
such as all zeros or all ones, and see if the resulting ciphertexts
differ only by an endian permutation.
  There are test vectors for TwoFish, from its submission as an AES
candidate. If you look around enough at http://www.nist.gov/aes, you
should be able to find them. Both implementations should be able to
match the test cases.

--Mike Amling
Reply to this Message


Free Magazines

Get these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...

Oracle MagazineNetwork ComputingComputer WorldBio-IT WorldeWeekInformation WeekInfosecurity
 
Sign In
Join
My Latest Posts
My Monitored Threads
My Blog
My Photo Gallery
My Profile
My Homepage
Start New Thread
Enable EMail Alerts
Rate this Thread



©2008 Advenet LLC   Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.