Uniface User Forum

 View Only
  • 1.  $encode/$decode "TWOFISH": a little warning

    Posted 11 days ago

    Hi Freaks

    I have just installed UnifAce 10.4.2.0-049 for testing.
    And the first problem was that encryption for internal, short-term critical content no longer worked.
    It turned out that $encode/$decode with "TWOFISH" now checks the key length more precisely. Instead of padding the key with zeros(?) the key length must be 16, 24 or 32.
    In UnifAce 10.4.2.0-018 it could be any key length

    BTW: The documentation about "Block Ciphers"  for UnifAce 10.4.2.0-049 also has a bug.
    In 10.4.2.0-018 there was still the superscript number 2) which indicated that the length will be padded.
    In 10.4.2.0-049 there is still a 2, but it is no longer clickable and no longer refers to an explanation

    Ingo



    ------------------------------
    Ingo Stiller
    Aareon Deutschland GmbH
    ------------------------------


  • 2.  RE: $encode/$decode "TWOFISH": a little warning

    ROCKETEER
    Posted 10 days ago

    Hello Ingo

     

    Probably it has to do with

    https://community.rocketsoftware.com/discussion/rocket-uniface-10402-034-released

    New Feature(s)

    • Elliptic Curve Cryptography is now supported in $encode and $decode functions, with three schemes: ECIES, ECDSA and Ed25519.
    •  
    • Uniface supports a new algorithm in functions $encode and $decode: Base64URL, which makes URL encoding simpler and more efficient.

     



    ------------------------------
    Peter Beugel
    Rocket Internal - All Brands
    Amsterdam NL
    ------------------------------



  • 3.  RE: $encode/$decode "TWOFISH": a little warning

    Posted 10 days ago

    Hi Peter

    Maybe, who knows about the "dubious" ways Uniface and the encryption algorithms are used here? *grin*
    And as I wrote, it is not a big problem as you just have to pad you key to  a length of 16, 24 or 32.
    My thread at the beginning was only meant as a hint to others: "If you have a problem with TWOFISH, have a look at the key length". :-)

    Ingo



    ------------------------------
    Ingo Stiller
    Aareon Deutschland GmbH
    ------------------------------



  • 4.  RE: $encode/$decode "TWOFISH": a little warning

    ROCKETEER
    Posted 9 days ago

    Hello Ingo

    Lets handle this further via the support case.

    An issue will be created for this.

    The change is due to a tightened-up security measure and the advise for users is to change/upgrade their encryption keys



    ------------------------------
    Peter Beugel
    Rocket Internal - All Brands
    Amsterdam NL
    ------------------------------



  • 5.  RE: $encode/$decode "TWOFISH": a little warning

    ROCKETEER
    Posted 4 days ago

    The Uniface library will be updated:

    For TWOFISH, the key length is '16,24,32 bytes' not '1 to 32 bytes'.
    There is also similar change for blowfish. 
    For BLOWFISH, the key length is '4 to 56 bytes' instead of '1 to 56 bytes'.



    ------------------------------
    Peter Beugel
    Rocket Internal - All Brands
    Amsterdam NL
    ------------------------------