php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #13189 Non mhash binmd5() implementation in pear/Crypt?HCEMD5.php
Submitted: 2001-09-07 00:06 UTC Modified: 2002-01-19 12:57 UTC
From: plasma at projectplasma dot com Assigned:
Status: Closed Package: PEAR related
PHP Version: 4.0.4pl1 OS: Linux
Private report: No CVE-ID: None
 [2001-09-07 00:06 UTC] plasma at projectplasma dot com
If one does not have the mhash extension the HCEMD5.php
script falls back to the following in the binmd5() method:

return pack('H*', md5(pack('H*', preg_replace('|00$|', '', bin2hex($string)))));

Which does not interoperate with the perl Crypt::HCE_MD5.pm
unless one uses a 7 bit clean key 2.

replacing the above line with:

return pack('H*', md5($string));

Works much better.  What problem was the original line trying to work around?  Is this a problem with the perl implementation or the HCEMD5.php script?

Thanks

#!/usr/bin/perl -w
# The following PERL script generates an HCE_MD5 encrypted
# message that's format compatible with decodeMimeSelfRand()

use Crypt::HCE_MD5;
use MIME::Base64;

$rand = int(1 + rand(32767));
$prand = pack('i*',$rand);

# base64 encode key2
chomp( $mime_rand = encode_base64($prand) );

# create cipher object with key1 & key2
$cipher = Crypt::HCE_MD5->new("greatjustice", $prand);

# encrypt & base64 encode
$ciphertext = $cipher->hce_block_encode_mime("Hunka Bunka");

# emit Crypt_HCEMD5::decodeMimeSelfRand() compatible ciphertext
print "$mimerand#$ciphertext\n";



Patches

Add a Patch

Pull Requests

Add a Pull Request

 
PHP Copyright © 2001-2017 The PHP Group
All rights reserved.
Last updated: Sun Nov 19 01:31:42 2017 UTC