Hello community,
here is the log from the commit of package perl-Crypt-CBC
checked in at Fri Apr 7 16:58:30 CEST 2006.
--------
--- perl-Crypt-CBC/perl-Crypt-CBC.changes 2006-01-25 21:39:34.000000000 +0100
+++ perl-Crypt-CBC/perl-Crypt-CBC.changes 2006-04-05 16:28:24.000000000 +0200
@@ -1,0 +2,5 @@
+Wed Apr 5 16:18:58 CEST 2006 - schubi@suse.de
+
+- Bug 153627 - VUL-0: perl-Crypt-CBC: ciphertext weakness when using certain block algorithms
+
+-------------------------------------------------------------------
Old:
----
Crypt-CBC-2.14.tar.bz2
New:
----
Crypt-CBC-2.17.tar.bz2
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ perl-Crypt-CBC.spec ++++++
--- /var/tmp/diff_new_pack.56gljH/_old 2006-04-07 16:58:13.000000000 +0200
+++ /var/tmp/diff_new_pack.56gljH/_new 2006-04-07 16:58:13.000000000 +0200
@@ -1,18 +1,18 @@
#
-# spec file for package perl-Crypt-CBC (Version 2.14)
+# spec file for package perl-Crypt-CBC (Version 2.17)
#
-# Copyright (c) 2005 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2006 SUSE LINUX Products GmbH, Nuernberg, Germany.
# This file and all modifications and additions to the pristine
# package are under the same license as the package itself.
#
-# Please submit bugfixes or comments via http://www.suse.de/feedback/
+# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
# norootforbuild
Name: perl-Crypt-CBC
BuildRequires: perl-Crypt-Blowfish perl-Crypt-DES
-Version: 2.14
+Version: 2.17
Release: 1
Requires: perl-Crypt-Blowfish perl-Crypt-DES
Requires: perl = %{perl_version}
@@ -54,6 +54,8 @@
/var/adm/perl-modules/%{name}
%changelog -n perl-Crypt-CBC
+* Wed Apr 05 2006 - schubi@suse.de
+- Bug 153627 - VUL-0: perl-Crypt-CBC: ciphertext weakness when using certain block algorithms
* Wed Jan 25 2006 - mls@suse.de
- converted neededforbuild to BuildRequires
* Mon Jul 11 2005 - schubi@suse.de
++++++ Crypt-CBC-2.14.tar.bz2 -> Crypt-CBC-2.17.tar.bz2 ++++++
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/Crypt-CBC-2.14/CBC.pm new/Crypt-CBC-2.17/CBC.pm
--- old/Crypt-CBC-2.14/CBC.pm 2005-05-05 22:06:49.000000000 +0200
+++ new/Crypt-CBC-2.17/CBC.pm 2006-01-10 00:32:08.000000000 +0100
@@ -4,7 +4,7 @@
use Carp;
use strict;
use vars qw($VERSION);
-$VERSION = '2.14';
+$VERSION = '2.17';
use constant RANDOM_DEVICE => '/dev/urandom';
@@ -19,7 +19,7 @@
}
# CGI style arguments
- elsif ($_[0] =~ /^-/) {
+ elsif ($_[0] =~ /^-[a-zA-Z]{1,20}$/) {
my %tmp = @_;
while ( my($key,$value) = each %tmp) {
$key =~ s/^-//;
@@ -35,38 +35,63 @@
# "key" is a misnomer here, because it is actually usually a passphrase that is used
# to derive the true key
my $pass = $options->{key};
- croak "Please provide an encryption/decryption key" unless defined $pass;
+ croak "Please provide an encryption/decryption passphrase or key using -key" unless defined $pass;
- # confusing logic, but if the regenerate_key option is present but false, we
- # use the passphrase for the key
- my $key = $pass if $options->{literal_key}
- or (exists $options->{regenerate_key} && !$options->{regenerate_key});
- my $salt = $options->{salt};
-
- # if salt is equal to the string "1", then we replace it with random bytes
- $salt = $class->_get_random_bytes(8) if $salt and $salt eq '1';
-
- my $prepend_header = 1;
- for ('prepend_iv','add_header') {
- $prepend_header = 0 if exists $options->{$_} && !$options->{$_};
- }
+ # header mode
+ my %valid_modes = map {$_=>1} qw(none salt randomiv);
+ my $header_mode = $options->{header};
+ $header_mode ||= 'none' if exists $options->{prepend_iv} && !$options->{prepend_iv};
+ $header_mode ||= 'none' if exists $options->{add_header} && !$options->{add_header};
+ $header_mode ||= 'salt'; # default
+ croak "Invalid -header mode '$header_mode'" unless $valid_modes{$header_mode};
- # note: iv will be autogenerated by start() if not specified in options
- my $iv = $options->{iv};
- croak "Initialization vector must be 8 bytes" if $prepend_header && defined $iv && length $iv != 8;
+ croak "The -salt argument is incompatible with a -header mode of $header_mode"
+ if exists $options->{salt} && $header_mode ne 'salt';
my $cipher = $options->{cipher};
$cipher = 'Crypt::DES' unless $cipher;
$cipher = $cipher=~/^Crypt::/ ? $cipher : "Crypt::$cipher";
- eval "require $cipher; 1" or croak "Couldn't load $cipher: $@";
+ $cipher->can('encrypt') or eval "require $cipher; 1" or croak "Couldn't load $cipher: $@";
# some crypt modules use the class Crypt::, and others don't
$cipher =~ s/^Crypt::// unless $cipher->can('keysize');
- my $ks = eval {$cipher->keysize};
- my $bs = eval {$cipher->blocksize};
+ # allow user to override these values
+ my $ks = $options->{keysize};
+ my $bs = $options->{blocksize};
+
+ # otherwise we get the values from the cipher
+ $ks ||= eval {$cipher->keysize};
+ $bs ||= eval {$cipher->blocksize};
+
+ # Some of the cipher modules are busted and don't report the
+ # keysize (well, Crypt::Blowfish in any case). If we detect
+ # this, and find the blowfish module in use, then assume 56.
+ # Otherwise assume the least common denominator of 8.
+ $ks ||= $cipher =~ /blowfish/i ? 56 : 8;
+ $bs ||= $ks;
+
+ my $pcbc = $options->{'pcbc'};
+
+ # Default behavior is to treat -key as a passphrase.
+ # But if the literal_key option is true, then use key as is
+ croak "The options -literal_key and -regenerate_key are incompatible with each other"
+ if exists $options->{literal_key} && exists $options->{regenerate_key};
+ my $key = $pass if $options->{literal_key};
+ $key = $pass if exists $options->{regenerate_key} && !$options->{regenerate_key};
+
+ # Get the salt.
+ my $salt = $options->{salt};
+ my $random_salt = 1 unless defined $salt && $salt ne '1';
+ croak "Argument to -salt must be exactly 8 bytes long" if defined $salt && length $salt != 8 && $salt ne '1';
+
+ # note: iv will be autogenerated by start() if not specified in options
+ my $iv = $options->{iv};
+ my $random_iv = 1 unless defined $iv;
+ croak "Initialization vector must be exactly $bs bytes long when using the $cipher cipher" if defined $iv and length($iv) != $bs;
- my $padding = $options->{padding} || 'standard';
+ my $legacy_hack = $options->{insecure_legacy_decrypt};
+ my $padding = $options->{padding} || 'standard';
if ($padding && ref($padding) eq 'CODE') {
# check to see that this code does its padding correctly
@@ -83,30 +108,43 @@
:croak "'$padding' padding not supported. See perldoc Crypt::CBC for instructions on creating your own.";
}
- # Some of the cipher modules are busted and don't report the
- # keysize (well, Crypt::Blowfish in any case). If we detect
- # this, and find the blowfish module in use, then assume 56.
- # Otherwise assume the least common denominator of 8.
- $ks ||= $cipher =~ /blowfish/i ? 56 : 8;
- $bs ||= $ks;
+ # CONSISTENCY CHECKS
+ # HEADER consistency
+ if ($header_mode eq 'salt') {
+ croak "Cannot use salt-based key generation if literal key is specified" if $options->{literal_key};
+ croak "Cannot use salt-based IV generation if literal IV is specified" if exists $options->{iv};
+ }
+ elsif ($header_mode eq 'randomiv') {
+ croak "Cannot encrypt using a non-8 byte blocksize cipher when using randomiv header mode" unless $bs == 8 || $legacy_hack;
+ }
+ elsif ($header_mode eq 'none') {
+ croak "You must provide an initialization vector using -iv when using -header=>'none'" unless exists $options->{iv};
+ }
- if (defined $key && length($key) > $ks) {
- carp "keysize is greater than allowed keysize of $ks for cipher $cipher - using only first $ks bytes";
- $key = substr($key, 0, $ks);
+ # KEYSIZE consistency
+ if (defined $key && length($key) != $ks) {
+ croak "If specified by -literal_key, then the key length must be equal to the chosen cipher's key length of $ks bytes";
}
- my $pcbc = $options->{'pcbc'};
+ # IV consistency
+ if (defined $iv && length($iv) != $bs) {
+ croak "If specified by -iv, then the initialization vector length must be equal to the chosen cipher's blocksize of $bs bytes";
+ }
- return bless {'cipher' => $cipher,
- 'passphrase' => $pass,
- 'key' => $key,
- 'iv' => $iv,
- 'salt' => $salt,
- 'padding' => $padding,
- 'blocksize' => $bs,
- 'keysize' => $ks,
- 'prepend_header' => $prepend_header,
- 'pcbc' => $pcbc,
+
+ return bless {'cipher' => $cipher,
+ 'passphrase' => $pass,
+ 'key' => $key,
+ 'iv' => $iv,
+ 'salt' => $salt,
+ 'padding' => $padding,
+ 'blocksize' => $bs,
+ 'keysize' => $ks,
+ 'header_mode' => $header_mode,
+ 'legacy_hack' => $legacy_hack,
+ 'pcbc' => $pcbc,
+ 'make_random_salt' => $random_salt,
+ 'make_random_iv' => $random_iv,
},$class;
}
@@ -227,36 +265,45 @@
sub _generate_iv_and_cipher_from_datastream {
my $self = shift;
my $input_stream = shift;
+ my $bs = $self->blocksize;
- # if the input stream contains the salt, then it is used to derive the
- # IV and the encryption key from the passphrase
- if (my($salt) = $$input_stream =~ /^Salted__(.{8})/s) {
- $self->{salt} = $salt; # Replace manually-specified salt
- undef $self->{key}; # reset the key and iv
- undef $self->{iv};
+ # use our header mode to figure out what to do with the data stream
+ my $header_mode = $self->header_mode;
+
+ if ($header_mode eq 'none') {
+ croak "You must specify a $bs byte initialization vector by passing the -iv option to new() when using -header_mode=>'none'"
+ unless exists $self->{iv};
+ $self->{civ} = $self->{iv}; # current IV equals saved IV
+ $self->{key} ||= $self->_key_from_key($self->{passphrase});
+ }
+
+ elsif ($header_mode eq 'salt') {
+ my ($salt) = $$input_stream =~ /^Salted__(.{8})/s;
+ croak "Ciphertext does not begin with a valid header for 'salt' header mode" unless defined $salt;
+ $self->{salt} = $salt; # new salt
substr($$input_stream,0,16) = '';
+ my ($key,$iv) = $self->_salted_key_and_iv($self->{passphrase},$salt);
+ $self->{iv} = $self->{civ} = $iv;
+ $self->{key} = $key;
}
- # if the input stream contains the IV, then we use it to set the IV
- elsif ( my($iv) = $$input_stream =~ /^RandomIV(.{8})/s) {
- undef $self->{salt}; # message contents overrides salt option
- $self->{'iv'} = $iv;
+ elsif ($header_mode eq 'randomiv') {
+ my ($iv) = $$input_stream =~ /^RandomIV(.{8})/s;
+ croak "Ciphertext does not begin with a valid header for 'randomiv' header mode" unless defined $iv;
+ croak "randomiv header mode cannot be used securely when decrypting with a >8 byte block cipher.\nUse the -insecure_legacy_decrypt flag if you are sure you want to do this" unless $self->blocksize == 8 || $self->legacy_hack;
+ $self->{iv} = $self->{civ} = $iv;
+ $self->{key} = $self->_key_from_key($self->{passphrase});
+ undef $self->{salt}; # paranoia
substr($$input_stream,0,16) = ''; # truncate
}
- if (my $salt = $self->{salt}) {
- my ($key,$iv) = $self->_salted_key_and_iv($self->{passphrase},$salt);
- $self->{key} ||= $key; # don't replace manually-specified key
- $self->{iv} ||= $iv; # don't replace manually-specified IV
- } else {
- $self->{key} ||= $self->_key_from_key($self->{passphrase}); # don't replace manually-specified key
+ else {
+ croak "Invalid header mode '$header_mode'";
}
# we should have the key and iv now, or we are dead in the water
croak "Cipher stream did not contain IV or salt, and you did not specify these values in new()"
- unless $self->{key} && $self->{iv};
-
- $self->{civ} = $self->{iv}; # 'civ' == "current IV"
+ unless $self->{key} && $self->{civ};
# now we can generate the crypt object itself
$self->{crypt} = $self->{cipher}->new($self->{key})
@@ -267,28 +314,42 @@
sub _generate_iv_and_cipher_from_options {
my $self = shift;
+ my $blocksize = $self->blocksize;
my $result = '';
- # if salt is provided, then we use that to generate our key and iv
- if (my $salt = $self->{salt}) {
+ my $header_mode = $self->header_mode;
+ if ($header_mode eq 'none') {
+ croak "You must specify a $blocksize byte initialization vector by passing the -iv option to new() when using -header_mode=>'none'"
+ unless exists $self->{iv};
+ $self->{civ} = $self->{iv};
+ $self->{key} ||= $self->_key_from_key($self->{passphrase});
+ }
+
+ elsif ($header_mode eq 'salt') {
+ $self->{salt} = $self->_get_random_bytes(8) if $self->{make_random_salt};
+ defined (my $salt = $self->{salt}) or croak "No header_mode of 'salt' specified, but no salt value provided"; # shouldn't happen
+ length($salt) == 8 or croak "Salt must be exactly 8 bytes long";
my ($key,$iv) = $self->_salted_key_and_iv($self->{passphrase},$salt);
- $self->{key} ||= $key;
- $self->{iv} ||= $iv;
- $result = "Salted__${salt}" if $self->{'prepend_header'};
+ $self->{key} = $key;
+ $self->{civ} = $self->{iv} = $iv;
+ $result = "Salted__${salt}";
}
- else {
+ elsif ($header_mode eq 'randomiv') {
+ croak "randomiv header mode cannot be used when encrypting with a >8 byte block cipher. There is no option to allow this"
+ unless $blocksize == 8;
$self->{key} ||= $self->_key_from_key($self->{passphrase});
- $self->{iv} ||= $self->_get_random_bytes(8);
- $result = "RandomIV$self->{iv}" if $self->{'prepend_header'};
+ $self->{iv} = $self->_get_random_bytes(8) if $self->{make_random_iv};
+ length($self->{iv}) == 8 or croak "IV must be exactly 8 bytes long when used with header mode of 'randomiv'";
+ $self->{civ} = $self->{iv};
+ $result = "RandomIV$self->{iv}";
}
- croak "key and/or iv are missing" unless $self->{key} && $self->{iv};
+ croak "key and/or iv are missing" unless defined $self->{key} && defined $self->{civ};
$self->{crypt} = $self->{cipher}->new($self->{key})
or croak "Could not create $self->{cipher} object: $@";
- $self->{'civ'} = $self->{'iv'};
return $result;
}
@@ -326,6 +387,12 @@
return (substr($data,0,$key_len),substr($data,$key_len,$iv_len));
}
+sub random_bytes {
+ my $self = shift;
+ my $bytes = shift or croak "usage: random_bytes(\$byte_length)";
+ $self->_get_random_bytes($bytes);
+}
+
sub _get_random_bytes {
my $self = shift;
my $length = shift;
@@ -387,15 +454,15 @@
sub get_initialization_vector (\$) {
my $self = shift;
- return $self->{'iv'};
+ $self->iv();
}
sub set_initialization_vector (\$$) {
my $self = shift;
- my $iv = shift;
-
- croak "Initialization vector must be 8 bytes" unless (length($iv) == 8);
- $self->{'iv'} = $iv;
+ my $iv = shift;
+ my $bs = $self->blocksize;
+ croak "Initialization vector must be $bs bytes in length" unless length($iv) == $bs;
+ $self->iv($iv);
}
sub salt {
@@ -430,11 +497,13 @@
$d;
}
-sub cipher { shift->{cipher} }
-sub padding { shift->{padding} }
-sub keysize { shift->{keysize} }
+sub cipher { shift->{cipher} }
+sub padding { shift->{padding} }
+sub keysize { shift->{keysize} }
sub blocksize { shift->{blocksize} }
-sub pcbc { shift->{pcbc} }
+sub pcbc { shift->{pcbc} }
+sub header_mode {shift->{header_mode} }
+sub legacy_hack { shift->{legacy_hack} }
1;
__END__
@@ -447,12 +516,11 @@
use Crypt::CBC;
$cipher = Crypt::CBC->new( -key => 'my secret key',
- -cipher => 'Blowfish',
- -salt => 1,
+ -cipher => 'Blowfish'
);
$ciphertext = $cipher->encrypt("This data is hush hush");
- $plaintext = $cipher->decrypt($ciphertext);
+ $plaintext = $cipher->decrypt($ciphertext);
$cipher->start('encrypting');
open(F,"./BIG_FILE");
@@ -461,6 +529,21 @@
}
print $cipher->finish;
+ # do-it-yourself mode -- specify key, initialization vector yourself
+ $key = Crypt::CBC->random_bytes(8); # assuming a 8-byte block cipher
+ $iv = Crypt::CBC->random_bytes(8);
+ $cipher = Crypt::CBC->new(-literal_key => 1,
+ -key => $key,
+ -iv => $iv,
+ -header => 'none');
+
+ $ciphertext = $cipher->encrypt("This data is hush hush");
+ $plaintext = $cipher->decrypt($ciphertext);
+
+ # RANDOMIV-compatible mode
+ $cipher = Crypt::CBC->new(-key => 'Super Secret!'
+ -header => 'randomiv');
+
=head1 DESCRIPTION
@@ -468,34 +551,33 @@
block chaining mode (CBC). In combination with a block cipher such as
DES or IDEA, you can encrypt and decrypt messages of arbitrarily long
length. The encrypted messages are compatible with the encryption
-format used by B<SSLeay>, and can be made compatible with the newer
-B<OpenSSL> package by specifying the B<-salt> argument.
+format used by the B<OpenSSL> package.
-To use this module, you will first create a Crypt::CBC cipher object with
-new(). At the time of cipher creation, you specify an encryption key
-to use and, optionally, a block encryption algorithm. You will then
-call the start() method to initialize the encryption or decryption
-process, crypt() to encrypt or decrypt one or more blocks of data, and
-lastly finish(), to pad and encrypt the final block. For your
-convenience, you can call the encrypt() and decrypt() methods to
+To use this module, you will first create a Crypt::CBC cipher object
+with new(). At the time of cipher creation, you specify an encryption
+key to use and, optionally, a block encryption algorithm. You will
+then call the start() method to initialize the encryption or
+decryption process, crypt() to encrypt or decrypt one or more blocks
+of data, and lastly finish(), to pad and encrypt the final block. For
+your convenience, you can call the encrypt() and decrypt() methods to
operate on a whole data value at once.
=head2 new()
$cipher = Crypt::CBC->new( -key => 'my secret key',
-cipher => 'Blowfish',
- -salt => 1
);
# or (for compatibility with versions prior to 2.13)
- $cipher = Crypt::CBC->new( {key => 'my secret key',
- cipher => 'Blowfish',
- salt => 1}
+ $cipher = Crypt::CBC->new( {
+ key => 'my secret key',
+ cipher => 'Blowfish'
+ }
);
# or (for compatibility with versions prior to 2.0)
- $cipher = new Crypt::CBC('my secret key','Blowfish');
+ $cipher = new Crypt::CBC('my secret key' => 'Blowfish');
The new() method creates a new Crypt::CBC object. It accepts a list of
-argument => value pairs selected from the following list:
@@ -514,6 +596,11 @@
-iv The initialization vector (IV)
+ -header What type of header to prepend to ciphertext. One of
+ 'salt' -- use OpenSSL-compatible salted header
+ 'randomiv' -- Randomiv-compatible "RandomIV" header
+ 'none' -- prepend no header at all
+
-padding The padding method, one of "standard", "space",
"onesandzeroes", or "null". (default "standard")
@@ -525,7 +612,16 @@
-pcbc Whether to use the PCBC chaining algorithm rather than
the standard CBC algorithm (default false).
- -add_header Whether to add the salt and IV to the header of the output
+ -keysize Force the cipher keysize to the indicated number of bytes.
+
+ -blocksize Force the cipher blocksize to the indicated number of bytes.
+
+ -insecure_legacy_decrypt
+ Allow decryption of data encrypted using the "RandomIV" header
+ produced by pre-2.17 versions of Crypt::CBC.
+
+ -add_header [deprecated; use -header instread]
+ Whether to add the salt and IV to the header of the output
cipher text.
-regenerate_key [deprecated; use literal_key instead]
@@ -536,10 +632,23 @@
Whether to prepend the IV to the beginning of the
encrypted stream (default true)
-You must provide an encryption/decryption B<-key>, which can be any
-series of characters of any length. If B<-regenerate_key> is true (the
-default), then the actual key used is derived from the MD5 hash of the
-key you provide; otherwise the actual binary bits of the key are used.
+Crypt::CBC requires three pieces of information to do its job. First
+it needs the name of the block cipher algorithm that will encrypt or
+decrypt the data in blocks of fixed length known as the cipher's
+"blocksize." Second, it needs an encryption/decryption key to pass to
+the block cipher. Third, it needs an initialization vector (IV) that
+will be used to propagate information from one encrypted block to the
+next. Both the key and the IV must be exactly the same length as the
+chosen cipher's blocksize.
+
+Crypt::CBC can derive the key and the IV from a passphrase that you
+provide, or can let you specify the true key and IV manually. In
+addition, you have the option of embedding enough information to
+regenerate the IV in a short header that is emitted at the start of
+the encrypted stream, or outputting a headerless encryption stream. In
+the first case, Crypt::CBC will be able to decrypt the stream given
+just the original key or passphrase. In the second case, you will have
+to provide the original IV as well as the key/passphrase.
The B<-cipher> option specifies which block cipher algorithm to use to
encode each section of the message. This argument is optional and
@@ -550,22 +659,53 @@
Crypt::CAST5 and Crypt::Rijndael. You may refer to them using their
full names ("Crypt::IDEA") or in abbreviated form ("IDEA").
-The B<-salt> argument actives an OpenSSL-compatible method of
-generating the encryption/decryption key and IV. If salt has the value
-"1", then a random salt is computed (highly recommended). Any other
-non-false value will be interpreted as the bytes of the actual salt to
-use. If you provide the salt, it must be exactly 8 bytes in length.
-It is highly recommended that you use -salt=>1, as this may become the
-default in future versions of this module.
-
-The initialization vector (IV) is used to start the CBC chaining
-algorithm. Unless you have also specified a false value for
-B<-add_header>, the IV should be exactly 8 bytes in length. The IV may
-be specified manually by passing in a key of B<-iv> as an option to
-new() or by calling $cipher->set_initialization_vector($iv) before
-calling $cipher->start(). If no IV is specified, then one will be
-generated randomly for you. This is backwardly compatible with CBC
-encrypted streams generated by the older SSLEay library.
+The B<-key> argument provides either a passphrase to use to generate
+the encryption key, or the literal value of the block cipher key. If
+used in passphrase mode (which is the default), B<-key> can be any
+number of characters; the actual key will be derived by passing the
+passphrase through a series of MD5 hash operations. To take full
+advantage of a given block cipher, the length of the passphrase should
+be at least equal to the cipher's blocksize. To skip this hashing
+operation and specify the key directly, pass a true value to the
+B<-literal_key> option. In this case, you should choose a key of
+length exactly equal to the cipher's key length.
+
+The B<-header> argument specifies what type of header, if any, to
+prepend to the beginning of the encrypted data stream. The header
+allows Crypt::CBC to regenerate the original IV and correctly decrypt
+the data without your having to provide the same IV used to encrypt
+the data. Valid values for the B<-header> are:
+
+ "salt" -- Combine the passphrase with an 8-byte random value to
+ generate both the block cipher key and the IV from the
+ provided passphrase. The salt will be appended to the
+ beginning of the data stream allowing decryption to
+ regenerate both the key and IV given the correct passphrase.
+ This method is compatible with current versions of OpenSSL.
+
+ "randomiv" -- Generate the block cipher key from the passphrase, and
+ choose a random 8-byte value to use as the IV. The IV will
+ be prepended to the data stream. This method is compatible
+ with ciphertext produced by versions of the library prior to
+ 2.17, but is incompatible with block ciphers that have non
+ 8-byte block sizes, such as Rijndael. Crypt::CBC will exit
+ with a fatal error if you try to use this header mode with a
+ non 8-byte cipher.
+
+ "none" -- Do not generate a header. To decrypt a stream encrypted
+ in this way, you will have to provide the original IV
+ manually.
+
+B