Emulate openssl rc4-40 in "plain" perl

StackOverflow https://stackoverflow.com/questions/18884449

  •  29-06-2022
  •  | 
  •  

Question

I have been trying for a couple of hours without much luck though I suspect this is just me being dense.

First the setup so you won’t try talk me out of it. :P I have a box which has restrictions on its openssl lib such that it will not do rc4 in as low an encryption as 40 bit. I have a legacy function which uses rc4-40 and I'm not at liberty to upgrade the encryption to a harder bit level because it speaks to other software over which I have no control or authority.

So, constrained to 40 bit RC4 and cannot use openssl. Any XS/perl that doesn’t fall back to openssl should be great. I’ve been playing with several modules but nothing works out of the box and I’m not good at this kind of thing so can’t see how to modify/monkey-patch/fork the key/bit handling code myself.

The code is currently doing this-

echo -ne "OHAI" |  openssl rc4-40 -d -nosalt -k  KeyPhrase0123456 | xxd
0000000: cbf7 71b2                                ..q.

Naïve stab at replacing it is made of FAIL-

perl -MCrypt::RC4 -e 'print RC4("KeyPhrase0123456", "OHAI")' | xxd
0000000: bc14 808b                                ....

So I need some version of perl code to match the openssl call. I have been trying everything sensible (c.f., not openssl-based) I can find on the CPAN, including Crypt::RC4(::XS) and Net::SSH::Perl::Cipher::RC4. Google led me to some apparently related and adapted code in Authen::SASL — it was too confusing to follow other than it seems to support authentication with rc4-40. I did not try Crypt::GCrypt though it looks promising, I can’t see the proper usage. Stymied.

This — RC4 doesn't work correctly with openssl command? — was edifying but ultimately didn't help me with the key/phrase handling or setup.

Thanks for looking!

Update: after reading a bit more on FIPS mode, I think Crypt::GCrypt will also be nonfunctional even if I knew if the right invocation.

Was it helpful?

Solution 

echo -ne "OHAI" |  openssl rc4-40 -d  -nosalt -k KeyPhrase0123456 | xxd
0000000: cbf7 71b2                                ..q.

perl -MCrypt::RC4 -MDigest::MD5 -e 'print RC4(substr(Digest::MD5::md5("KeyPhrase0123456"),0,5), "OHAI")' | xxd
0000000: cbf7 71b2                                ..q.

substr(Digest::MD5::md5("KeyPhrase0123456"),0,5) - 5*8=40bit
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top