Net::SSH::Perl::Cipher::Blowfish - Wrapper for SSH Blowfish support


    use Net::SSH::Perl::Cipher;
    my $cipher = Net::SSH::Perl::Cipher->new('Blowfish', $key);
    print $cipher->encrypt($plaintext);


Net::SSH::Perl::Cipher::Blowfish provides Blowfish encryption support for Net::SSH::Perl. To do so it wraps around either Crypt::Blowfish or Crypt::Blowfish_PP; the former is a C/XS implementation of the blowfish algorithm, and the latter is a Perl implementation. Net::SSH::Perl::Cipher::Blowfish prefers to use Crypt::Blowfish, because it's faster, so we try to load that first. If it fails, we fall back to Crypt::Blowfish_PP. Note that, when using Crypt::Blowfish_PP, you'll experience a very noticeable decrease in performance.

The blowfish used here is in CBC filter mode with a key length of 32 bytes.

SSH1 adds an extra wrinkle with respect to its blowfish algorithm: before and after encryption/decryption, we have to swap the bytes in the string to be encrypted/decrypted. The byte-swapping is done four bytes at a time, and within each of those four-byte blocks we reverse the bytes. So, for example, the string foobarba turns into boofabra. We swap the bytes in this manner in the string before we encrypt/decrypt it, and swap the encrypted/decrypted string again when we get it back.

This byte-swapping is not done when Blowfish is used in the SSH2 protocol.


Please see the Net::SSH::Perl manpage for author, copyright, and license information.