php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #49317 The encryption function 'mcrypt_cfb(..)' to failed encrypt password 'Zx57Kl36'
Submitted: 2009-08-21 07:37 UTC Modified: 2009-08-21 10:12 UTC
From: jinger dot jiang at autodesk dot com Assigned:
Status: Not a bug Package: mcrypt related
PHP Version: 5.2.10 OS: Vista, Windows2003
Private report: No CVE-ID: None
 [2009-08-21 07:37 UTC] jinger dot jiang at autodesk dot com
Description:
------------
I use the function mcrypt_cfb(..,MCRYPT_ENCRYPT,.) to encrypt a password valued 'Zx57Kl36', then I use mcrypt_cfb(..,MCRYPT_DECRYPT,..) to decrypt the value, it changed to 'Zx57Kl3'.
I also have tried 'Zx57Kl32', 'Zx57Kl34' and 'Zx57Kl35', these value is changed to 'Zx57Kl3' too after decrypt. But 'Zx57Kl30', 'Zx57Kl31' etc are correct after decrypt.



Reproduce code:
---------------
My code:
//$plain_text can be 'Zx57Kl36' etc.
function encrypt($plain_text) {
    $plain_text = trim($plain_text);
    $iv = substr(md5($key), 0,mcrypt_get_iv_size (MCRYPT_CAST_256,MCRYPT_MODE_CFB));
    $c_t = mcrypt_cfb (MCRYPT_CAST_256, $key, $plain_text, MCRYPT_ENCRYPT, $iv);
    $ret = trim(chop(base64_encode($c_t)));
    return $ret;
}

function decrypt($c_t) {
    $c_t =  trim(chop(base64_decode($c_t)));
    $iv = substr(md5($key), 0,mcrypt_get_iv_size (MCRYPT_CAST_256,MCRYPT_MODE_CFB));
    $p_t = mcrypt_cfb (MCRYPT_CAST_256, $key, $c_t, MCRYPT_DECRYPT, $iv);
    $ret = trim(chop($p_t));
    return $ret;
}


Expected result:
----------------
$ret=encrypt('Zx57Kl36');
$ret=decrypt($ret);
then $ret should be 'Zx57Kl36' but not 'Zx57Kl3'.


Actual result:
--------------
$ret=encrypt('Zx57Kl36');
$ret=decrypt($ret);
$ret equals to 'Zx57Kl3'. It should be 'Zx57Kl36'.



Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2009-08-21 08:56 UTC] sjoerd-php at linuxonly dot nl
Thank you for your bug report.

In your example, the variable $key is not defined. Although the behavior you report can still be considered a bug, it only seem to happen when $key is empty. Supplying a correct key fixes your problem and is useful from a security point of view.
 [2009-08-21 09:18 UTC] derick@php.net
Sorry, but your problem does not imply a bug in PHP itself.  For a
list of more appropriate places to ask for help using PHP, please
visit http://www.php.net/support.php as this bug system is not the
appropriate forum for asking support questions.  Due to the volume
of reports we can not explain in detail here why your report is not
a bug.  The support channels will be able to provide an explanation
for you.

Thank you for your interest in PHP.

function decrypt($c_t) {
    $c_t =  trim(chop(base64_decode($c_t)));

That is broken, you might remove *required* \0 characters at the end of the string. Where did you find this as example (because I've seen it reported more often)?
 [2009-08-21 09:44 UTC] jinger dot jiang at autodesk dot com
Sorry for uncomplete code, the $key is not empty.

Here is the complete code:
$key="testlink";
 
function encrypt($plain_text) {
    $plain_text = trim($plain_text);
    $iv = substr(md5($key), 0,mcrypt_get_iv_size (MCRYPT_CAST_256,MCRYPT_MODE_CFB));
    $c_t = mcrypt_cfb (MCRYPT_CAST_256, $key, $plain_text, MCRYPT_ENCRYPT, $iv);
    $ret = trim(chop(base64_encode($c_t)));
    return $ret;
}

function decrypt($c_t) {
    $c_t =  trim(chop(base64_decode($c_t)));
    $iv = substr(md5($key), 0,mcrypt_get_iv_size (MCRYPT_CAST_256,MCRYPT_MODE_CFB));
    $p_t = mcrypt_cfb (MCRYPT_CAST_256, $key, $c_t, MCRYPT_DECRYPT, $iv);
    $ret = trim(chop($p_t));
    return $ret;
}
 [2009-08-21 10:12 UTC] jinger dot jiang at autodesk dot com
It has been solved by remove the 'trim' function. Thanks.
 
PHP Copyright © 2001-2021 The PHP Group
All rights reserved.
Last updated: Sat Sep 18 17:03:38 2021 UTC