[jitsi-users] Re: Profile sharing

Tomas Kopal Tomas.Kopal at altap.cz
Fri Mar 23 00:21:42 CET 2012


On 22.3.2012 23:04, Ingo Bauersachs wrote:
>> In AESCrypto.java, there are three ciphers to try for encoding passwords:
>>
>> private static final String CIPHER_ALGORITHM = "AES/ECB/PKCS5PADDING";
>>
>> On Linux, the first one, AES, gets selected during initialization, but
>> on Windows, for some reason, AES is not available, so ECB gets selected.
>> So after switching the OS, the wrong cipher is used to decrypt the encrypted
>> password.
> 
> Ahm, without having looked into this, the assumption that
> AES/ECB/PKCS5PADDING are different ciphers is wrong. Actually, AES is the
> cipher, ECB is "Electronic Code Book" - the mode how the chunks of data are
> fed into the cipher, and the PKCS5PADDING is how the last block of data is
> padded when it is shorter than the operation mode of AES.
> 
> I don't know why AES should not be available on Windows and what our
> fallback would be.
> 

Hmm, of course you are right. Thank you for spotting this. I was too
quick in drawing conclusions about what the loop iterates over :-).

So, here goes the second try:

There are two possible key lengths:

private static int[] KEY_LENGTHS = new int[]{256, 128};

In the AESCrypto constructor, the key lengths are tried in a loop. On Linux,
the first key length is selected; on Windows, the first one fails, but
the second succeeds.

The end result is the same, though: passwords encrypted on Linux cannot
be decrypted on Windows, and passwords encrypted on Windows cannot be
decrypted on Linux.

Also, I think that the point that this could be causing trouble in other
cases may also still be valid.

No idea why the longer key fails on Windows (maybe one of those stupid
export regulations?).

> 
> Patches are always welcome :-)
> 

:-). Ok, I will try. But I need more time to understand what is really
going on in the code and what might be a good fix...


Tomas
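
An added example, not part of the original message and not Jitsi's code: one way to keep stored passwords portable when the usable key length differs between installations is to record the key length next to the ciphertext and use it on decryption. The class and method names, the PBKDF2 key derivation, the salt and the `<bits>:<base64>` storage format are assumptions made for illustration.

```java
import javax.crypto.Cipher;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.util.Base64;

public class KeyLengthTagDemo {
    static final int[] KEY_LENGTHS = {256, 128};   // same order as quoted in the mail
    static final byte[] SALT = "constructed-salt".getBytes(StandardCharsets.UTF_8);

    // Derive an AES key of the requested size from the master password (PBKDF2 is an assumption).
    static SecretKeySpec deriveKey(char[] master, int bits) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(master, SALT, 10000, bits);
        byte[] raw = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1").generateSecret(spec).getEncoded();
        return new SecretKeySpec(raw, "AES");
    }

    // First key length this JRE's crypto policy permits; the answer can differ per installation.
    static int pickKeyLength() throws Exception {
        int max = Cipher.getMaxAllowedKeyLength("AES");
        for (int bits : KEY_LENGTHS) if (bits <= max) return bits;
        throw new IllegalStateException("no usable AES key length");
    }

    // Store the key length with the ciphertext; transformation string as quoted in the mail.
    static String encrypt(char[] master, String plain, int bits) throws Exception {
        Cipher c = Cipher.getInstance("AES/ECB/PKCS5PADDING");
        c.init(Cipher.ENCRYPT_MODE, deriveKey(master, bits));
        return bits + ":" + Base64.getEncoder().encodeToString(c.doFinal(plain.getBytes(StandardCharsets.UTF_8)));
    }

    // Decrypt with the recorded key length, not with whatever this machine would pick.
    static String decrypt(char[] master, String stored) throws Exception {
        String[] parts = stored.split(":", 2);
        Cipher c = Cipher.getInstance("AES/ECB/PKCS5PADDING");
        c.init(Cipher.DECRYPT_MODE, deriveKey(master, Integer.parseInt(parts[0])));
        return new String(c.doFinal(Base64.getDecoder().decode(parts[1])), StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws Exception {
        char[] master = "constructed master password".toCharArray();
        String stored = encrypt(master, "account-password", pickKeyLength());
        System.out.println(stored.split(":")[0] + "-bit key, round trip ok: "
                + "account-password".equals(decrypt(master, stored)));
        // A value written with the 128-bit fallback still decrypts on a machine that prefers 256.
        System.out.println(decrypt(master, encrypt(master, "account-password", 128)));
    }
}
```

On a JRE whose policy allows only 128-bit AES, decrypting a value tagged `256:` fails in `Cipher.init` with an `InvalidKeyException`, which names the real cause instead of surfacing as a wrong password.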



