php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #18267 mcrypt-blowfish data encrypted on one machine not decryptable on other machine
Submitted: 2002-07-10 18:56 UTC Modified: 2002-07-10 18:59 UTC
From: mcrypt at michael dot mailshell dot com Assigned:
Status: Not a bug Package: mcrypt related
PHP Version: 4.2.0 OS: Linux Mandrake
Private report: No CVE-ID: None
View Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
If you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: mcrypt at michael dot mailshell dot com
New email:
PHP Version: OS:

 

 [2002-07-10 18:56 UTC] mcrypt at michael dot mailshell dot com 
I am able to encrypt and decrypt on each machine, but the encrypted data can only be decrypted on that 
machine. I'm guessing this is an issue with the version of mcrypt. This is very disterbing as I have 
thousands of encrypted emails of customers. As I have no key to them I will never be able to upgrade mcrypt 
w/o this bug being resolved.

Machine 1:
kernel-2.2.17-21mdk
php version: 4.2.0
# rpm -qa | grep mcrypt
libmcrypt-2.4.4-1
libmcrypt-devel-2.4.18-2

Machine 2:
kernel-2.4.18.1mdk-1-1mdk
# rpm -qa | grep mcrypt
libmcrypt4-2.5.1-1mdk
libmcrypt4-devel-2.5.1-1mdk
php-mcrypt-4.2.1-4mdk

encrypt.php:
<?

$file = './test.txt';

$fp = fopen($file, "r");
$buf = fread($fp, filesize($file));
fclose($fp);
## echo $buf;

$tmp = '123456789012345678901234';
$buf = blowfish_encrypt($buf, $tmp);
echo "md5 on encrypted data: " . md5($buf) . "\n";

$fp = fopen($file . "_enc", "w");
fwrite ($fp, $buf);
fclose($fp);


function blowfish_encrypt($data, $pass) {

  if (strlen($pass) > 24) $pass = substr($pass, 0 , 24);
  if (strlen($pass) < 24) $pass = str_pad($pass, 24, 'this is a very secret pad');

  $td = mcrypt_module_open (MCRYPT_BLOWFISH, "", MCRYPT_MODE_ECB, "");
  $iv = mcrypt_create_iv (mcrypt_enc_get_iv_size ($td), MCRYPT_RAND);
  mcrypt_generic_init ($td, $pass, $iv);
  $out = mcrypt_generic ($td, $data);
  mcrypt_generic_end ($td);
  return $out;
}

?>

decrypt.php:
<?
$file = './test.txt_enc';

$fp = fopen($file, "r");
$buf = fread($fp, filesize($file));
fclose($fp);

echo "md5 on encrypted data: " . md5($buf) . "\n";

$pass = '123456789012345678901234';
$buf = blowfish_decrypt($buf, $pass);
echo $buf . "\n";

function blowfish_decrypt($data, $pass) {
  if (strlen($pass) > 24) $pass = substr($pass, 0 , 24);
  if (strlen($pass) < 24) $pass = str_pad($pass, 24, 'this is a very secret pad');

  $td = mcrypt_module_open (MCRYPT_BLOWFISH, "", MCRYPT_MODE_ECB, "");
  $iv = mcrypt_create_iv (mcrypt_enc_get_iv_size ($td), MCRYPT_RAND);
  mcrypt_generic_init ($td, $pass, $iv);
  $out = mdecrypt_generic ($td, $data);
  mcrypt_generic_end ($td);

  ## remove trailing 0 chars that blowfish adds
  return preg_replace('/\0*$/', '', $out);

}
?>

test.txt can be anothing, I used:
"## Created: 2002-07-10 14:46:21\n"


machine 1:
# php -q encrypt.php
md5 on encrypted data: 513f9ac2b549be9a8f54aec53f899545
# php -q decrypt.php
md5 on encrypted data: 513f9ac2b549be9a8f54aec53f899545
## Created: 2002-07-10 14:46:21

#

machine 2:
# php -q encrypt.php
md5 on encrypted data: 1f4f2599844f29ef765583838cf6e553
# php -q decrypt.php
md5 on encrypted data: 1f4f2599844f29ef765583838cf6e553
## Created: 2002-07-10 14:46:21

#

[copied machine 1 test.txt_enc to this machine]
# php -q decrypt.php
md5 on encrypted data: 513f9ac2b549be9a8f54aec53f899545
?DHd???PX????5?D?
#

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2002-07-10 18:59 UTC] derick@php.net 
This is indeed no bug in PHP, but you can use MCRYPT_BLOWFISH_COMPAT in 2.5 which *should* be compatible with the MCRYPT_BLOWFISH from 2.4.4.

Derick
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Sun Nov 02 14:00:01 2025 UTC