Bug #18267 mcrypt-blowfish data encrypted on one machine not decryptable on other machine
Submitted: 2002-07-10 18:56 UTC Modified: 2002-07-10 18:59 UTC
From: mcrypt at michael dot mailshell dot com Assigned:
Status: Not a bug Package: mcrypt related
PHP Version: 4.2.0 OS: Linux Mandrake
Private report: No CVE-ID: None
 [2002-07-10 18:56 UTC] mcrypt at michael dot mailshell dot com
I am able to encrypt and decrypt on each machine, but the encrypted data can only be decrypted on that 
machine. I'm guessing this is an issue with the version of mcrypt. This is very disturbing as I have 
thousands of encrypted emails of customers. As I have no key to them I will never be able to upgrade mcrypt 
w/o this bug being resolved.

Machine 1:
kernel-2.2.17-21mdk
php version: 4.2.0
# rpm -qa | grep mcrypt
libmcrypt-2.4.4-1
libmcrypt-devel-2.4.18-2

Machine 2:
kernel-2.4.18.1mdk-1-1mdk
# rpm -qa | grep mcrypt
libmcrypt4-2.5.1-1mdk
libmcrypt4-devel-2.5.1-1mdk
php-mcrypt-4.2.1-4mdk

encrypt.php:
<?

$file = './test.txt';

$fp = fopen($file, "r");
$buf = fread($fp, filesize($file));
fclose($fp);
## echo $buf;

$tmp = '123456789012345678901234';
$buf = blowfish_encrypt($buf, $tmp);
echo "md5 on encrypted data: " . md5($buf) . "\n";

$fp = fopen($file . "_enc", "w");
fwrite ($fp, $buf);
fclose($fp);


function blowfish_encrypt($data, $pass) {

  if (strlen($pass) > 24) $pass = substr($pass, 0 , 24);
  if (strlen($pass) < 24) $pass = str_pad($pass, 24, 'this is a very secret pad');

  $td = mcrypt_module_open (MCRYPT_BLOWFISH, "", MCRYPT_MODE_ECB, "");
  $iv = mcrypt_create_iv (mcrypt_enc_get_iv_size ($td), MCRYPT_RAND);
  mcrypt_generic_init ($td, $pass, $iv);
  $out = mcrypt_generic ($td, $data);
  mcrypt_generic_end ($td);
  return $out;
}

?>

decrypt.php:
<?
$file = './test.txt_enc';

$fp = fopen($file, "r");
$buf = fread($fp, filesize($file));
fclose($fp);

echo "md5 on encrypted data: " . md5($buf) . "\n";

$pass = '123456789012345678901234';
$buf = blowfish_decrypt($buf, $pass);
echo $buf . "\n";

function blowfish_decrypt($data, $pass) {
  if (strlen($pass) > 24) $pass = substr($pass, 0 , 24);
  if (strlen($pass) < 24) $pass = str_pad($pass, 24, 'this is a very secret pad');

  $td = mcrypt_module_open (MCRYPT_BLOWFISH, "", MCRYPT_MODE_ECB, "");
  $iv = mcrypt_create_iv (mcrypt_enc_get_iv_size ($td), MCRYPT_RAND);
  mcrypt_generic_init ($td, $pass, $iv);
  $out = mdecrypt_generic ($td, $data);
  mcrypt_generic_end ($td);

  ## remove trailing 0 chars that blowfish adds
  return preg_replace('/\0*$/', '', $out);

}
?>

test.txt can be anything, I used:
"## Created: 2002-07-10 14:46:21\n"


machine 1:
# php -q encrypt.php
md5 on encrypted data: 513f9ac2b549be9a8f54aec53f899545
# php -q decrypt.php
md5 on encrypted data: 513f9ac2b549be9a8f54aec53f899545
## Created: 2002-07-10 14:46:21

#

machine 2:
# php -q encrypt.php
md5 on encrypted data: 1f4f2599844f29ef765583838cf6e553
# php -q decrypt.php
md5 on encrypted data: 1f4f2599844f29ef765583838cf6e553
## Created: 2002-07-10 14:46:21

#

[copied machine 1 test.txt_enc to this machine]
# php -q decrypt.php
md5 on encrypted data: 513f9ac2b549be9a8f54aec53f899545
?DHd???PX????5?D?
#

 [2002-07-10 18:59 UTC] derick@php.net
This is indeed no bug in PHP, but you can use MCRYPT_BLOWFISH_COMPAT in 2.5 which *should* be compatible with the MCRYPT_BLOWFISH from 2.4.4.

Derick
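
Added example, not part of the report or of the reply above: one way to apply the MCRYPT_BLOWFISH_COMPAT suggestion on the libmcrypt 2.5 machine, trying both algorithm names on a stored blob and re-encrypting whatever decrypts to text. It assumes a PHP build (5.x to 7.1) with the mcrypt extension, the reporter's key handling and file names, and printable-ASCII plaintext; normalize_key(), ecb_crypt(), looks_like_text() and migrate_blob() are hypothetical helper names.

```php
<?php
// Added example (not from the bug report). Run on "machine 2" (libmcrypt 2.5.x).

// Same key normalisation as the reporter's blowfish_encrypt()/blowfish_decrypt().
function normalize_key($pass) {
    if (strlen($pass) > 24) $pass = substr($pass, 0, 24);
    if (strlen($pass) < 24) $pass = str_pad($pass, 24, 'this is a very secret pad');
    return $pass;
}

// ECB encrypt/decrypt under a given libmcrypt algorithm name.
// ECB is kept only so the result matches the data already stored.
function ecb_crypt($algo, $data, $pass, $decrypt) {
    $td = mcrypt_module_open($algo, "", MCRYPT_MODE_ECB, "");
    // ECB does not use the IV; a zero block of the reported size satisfies init.
    $iv = str_repeat("\0", mcrypt_enc_get_iv_size($td));
    mcrypt_generic_init($td, normalize_key($pass), $iv);
    $out = $decrypt ? mdecrypt_generic($td, $data) : mcrypt_generic($td, $data);
    mcrypt_generic_deinit($td);
    mcrypt_module_close($td);
    return $out;
}

// Assumption: the stored plaintext is text, so a correct decrypt is
// printable ASCII plus tab/newline once the zero padding is removed.
function looks_like_text($s) {
    return $s !== '' && preg_match('/^[\x09\x0a\x0d\x20-\x7e]*$/', $s) === 1;
}

// Try the native algorithm first, then the compat one. Returns
// array(algorithm that worked, blob re-encrypted with MCRYPT_BLOWFISH),
// or false when neither yields text (wrong key or damaged data).
function migrate_blob($blob, $pass) {
    foreach (array(MCRYPT_BLOWFISH, MCRYPT_BLOWFISH_COMPAT) as $algo) {
        $plain = rtrim(ecb_crypt($algo, $blob, $pass, true), "\0");
        if (looks_like_text($plain)) {
            return array($algo, ecb_crypt(MCRYPT_BLOWFISH, $plain, $pass, false));
        }
    }
    return false;
}

$result = migrate_blob(file_get_contents('./test.txt_enc'), '123456789012345678901234');
if ($result === false) {
    fwrite(STDERR, "neither blowfish variant produced text; blob left untouched\n");
    exit(1);
}
file_put_contents('./test.txt_enc.new', $result[1]); // keep the original until verified
echo "decrypted with {$result[0]}, re-encrypted with " . MCRYPT_BLOWFISH . "\n";
```

Writing to a separate file leaves the original ciphertext in place until the new copy has been decrypted and compared on the target machine.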
 
Last updated: Mon Oct 14 17:01:28 2024 UTC