php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #52989 the mcrypt_encrypt and mcrypt_decrypt functions are not accurate working.
Submitted: 2010-10-05 06:24 UTC Modified: 2010-10-13 12:44 UTC
From: info at wtovn dot com Assigned:
Status: Not a bug Package: *Encryption and hash functions
PHP Version: 5.3SVN-2010-10-05 (snap) OS: WIN32
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: info at wtovn dot com
New email:
PHP Version: OS:

 

 [2010-10-05 06:24 UTC] info at wtovn dot com 
Description:
------------
the mcrypt_encrypt and mcrypt_decrypt functions are not accurate working. 
please see script below.

Test script:
---------------
    $data = "Cộng hòa xã hội chủ nghĩa việt nam, độc lập tự do hạnh phúc";   
    $iv_size = mcrypt_get_iv_size(MCRYPT_3DES, MCRYPT_MODE_ECB);   
    $iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);   
    $key = "01";
    $crypttext = mcrypt_encrypt(MCRYPT_3DES, $key, $data, MCRYPT_MODE_ECB, $iv);   
    $key = "10";   
    $decrypt = mcrypt_decrypt (MCRYPT_3DES, $key , $crypttext , MCRYPT_MODE_ECB, $iv) ;  


then result are :

    $data = $decrypt ????

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2010-10-13 04:01 UTC] uramihsayibok at gmail dot com 
Not a bug. It's due to the nature of DES.

The least significant bit of each byte in the key is NOT USED, and the only difference between the characters '0' and '1' is that least significant bit. You can see the same behavior swapping 'B' and 'C', 'P' and 'Q', and 'x' and 'y' (to give some examples). Generically, any even-numbered ASCII character can be swapped with its n+1 neighbor, and vice versa.

Separately: ECB mode does not use IVs so $iv is pointless.
 [2010-10-13 12:44 UTC] derick@php.net
-Status: Open +Status: Bogus
 [2010-10-13 12:44 UTC] derick@php.net 
Thank you for taking the time to write to us, but this is not
a bug. Please double-check the documentation available at
http://www.php.net/manual/ and the instructions on how to report
a bug at http://bugs.php.net/how-to-report.php

Thanks for the explanation uramihsayibok; I did not know this.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Fri Apr 26 17:01:30 2024 UTC