Doc Bug #16674 mcrypt_create_iv troubles
Submitted: 2002-04-18 01:27 UTC Modified: 2002-04-18 05:27 UTC
From: fandelem at hotmail dot com Assigned: derick (profile)
Status: Closed Package: Documentation problem
PHP Version: 4.2.0 OS: linux
Private report: No CVE-ID: None
 [2002-04-18 01:27 UTC] fandelem at hotmail dot com
Here is the basic problem I have noticed:

My functions to encrypt/decrypt, following
(at least in my opinion) the documentation,
are included at the bottom of this bug report.

Quoting Mcrypt:

      "You must (in CFB and OFB mode) or can (in CBC mode)
       supply an initialization vector (IV) to the respective
       cipher function. The IV must be unique and must be the
       same when decrypting/encrypting."


However there is a problem:  mcrypt_create_iv (99.9% of the time)
will never produce the same $iv you started with, with its
current options.

Which means: you can never decrypt with the same IV, unless
you save this IV somewhere along with your encrypted text,
but I think that would be quite silly :)

My suggestion: Allow a user to input an optional argument
for mcrypt_create_iv() which is something that they can
call upon on _both_ the encrypting and decrypting. Two examples
off the top of my head that would work, would be an md5
of a file, or md5 of the actual keyphrase (the latter probably
being the easiest and most robust). Then have mcrypt_create_iv()
'pad' or whatever the hell it does :) the rest of the IV
(because if I try to use md5($key) as my $iv, it says
the lengths don't match) in so much as it would pad identically
on both encrypting/decrypting when called with the same third
parameter.

either way, I've yet to see my encryption/decryption with mcrypt
work with an IV, and if you can point out what I'm doing,
I'll be more than happy to pass the information along to
the many people I've talked to who tried but couldn't ever
get a decrypt out of an encrypt using this method.

cheers,

kyle


-- snippet --

function encrypt($key, $plain_text) {
  // returns base64-encoded ciphertext
  // incoming: the $key to encrypt with and the $plain_text to be encrypted

  $plain_text = trim($plain_text);

  // a fresh random IV for this message
  $iv = mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_CAST_256, MCRYPT_MODE_CFB), MCRYPT_DEV_RANDOM);
  $c_t = mcrypt_cfb(MCRYPT_CAST_256, $key, $plain_text, MCRYPT_ENCRYPT, $iv);

  // the IV is dropped here, so decrypt() has no way to get it back
  return base64_encode($c_t);
}

function decrypt($key, $c_t) {
  // incoming: the $key you encrypted with and the $c_t (base64-encoded ciphertext)
  // returns plain text

  // decode it first; the decoded ciphertext is binary, so it must not be trimmed
  $c_t = base64_decode($c_t);

  // a second, unrelated random IV: this is why the output never matches the input
  $iv = mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_CAST_256, MCRYPT_MODE_CFB), MCRYPT_DEV_RANDOM);
  $p_t = mcrypt_cfb(MCRYPT_CAST_256, $key, $c_t, MCRYPT_DECRYPT, $iv);

  return trim($p_t);
}

 [2002-04-18 01:32 UTC] derick@php.net
Checking this out.
 [2002-04-18 03:13 UTC] derick@php.net
This is not a bug, but even desired. The IV is only meant to give an alternative seed to the encryption routines. This IV does not need to be secret at all, though it can be desirable. You even can send it along with your ciphertext without losing security.
See also:
http://www.ciphersbyritter.com/GLOSSARY.HTM#IV
http://fn2.freenet.edmonton.ab.ca/%7Ejsavard/crypto/co0409.htm

See also:
chapter 9.3 of Applied Cryptography by Schneier (ISBN 0-471-11709-9) for a discussion of this topic

Derick
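Derick's point above, as an added example that is not part of the bug report or of PHP's own documentation: the IV is generated fresh for every message, prepended to the ciphertext in the clear, and read back before decrypting. It uses openssl_encrypt()/openssl_decrypt() rather than the mcrypt extension (mcrypt was removed from PHP core in 7.2), with AES-256 in CFB mode standing in for CAST-256; the function names, the `aes-256-cfb` choice and the sample message are assumptions made for the demonstration.

```php
<?php
// Added example, not code from the bug report or from PHP itself.
// AES-256-CFB via openssl stands in for the report's CAST-256-CFB via mcrypt.
const CIPHER = 'aes-256-cfb';

function encrypt_with_iv(string $key, string $plaintext): string
{
    $iv_len = openssl_cipher_iv_length(CIPHER);  // 16 bytes for AES
    $iv = random_bytes($iv_len);                  // unique per message, never reused
    $ct = openssl_encrypt($plaintext, CIPHER, $key, OPENSSL_RAW_DATA, $iv);
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    // The IV is not secret: prepend it so the decrypting side can read it back.
    return base64_encode($iv . $ct);
}

function decrypt_with_iv(string $key, string $encoded): string
{
    $blob = base64_decode($encoded, true);        // strict: reject malformed input
    if ($blob === false) {
        throw new RuntimeException('bad base64');
    }
    $iv_len = openssl_cipher_iv_length(CIPHER);
    if (strlen($blob) < $iv_len) {
        throw new RuntimeException('ciphertext too short to contain an IV');
    }
    $iv = substr($blob, 0, $iv_len);              // the same IV the encryptor used
    $ct = substr($blob, $iv_len);                 // binary: no trim() on this
    $pt = openssl_decrypt($ct, CIPHER, $key, OPENSSL_RAW_DATA, $iv);
    if ($pt === false) {
        throw new RuntimeException('decryption failed');
    }
    return $pt;
}

// Constructed sample input for the demonstration.
$key = random_bytes(32);        // 256-bit key; a real application derives and stores this properly
$msg = 'attack at dawn';

$encoded = encrypt_with_iv($key, $msg);
var_dump(decrypt_with_iv($key, $encoded) === $msg);

// Two encryptions of the same message under the same key differ only because
// the IVs differ; a fixed IV derived from the key would make them identical.
var_dump(encrypt_with_iv($key, $msg) !== encrypt_with_iv($key, $msg));
```

Carrying the IV with the message costs one cipher block of storage per ciphertext, and it is what makes the manual's "must be unique" requirement quoted in the report satisfiable: an IV derived from the key, as the report proposes, would be the same for every message encrypted under that key.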
 [2002-04-18 05:08 UTC] mfischer@php.net
Thanks for summing up Derick!

Maybe someone from the doc team is kind enough and can sum up the complete report and add some of this to the mcrypt documentation?
 [2002-04-18 05:27 UTC] derick@php.net
done