php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #52989 the mcrypt_encrypt and mcrypt_decrypt functions are not accurate working.
Submitted: 2010-10-05 06:24 UTC Modified: 2010-10-13 12:44 UTC
From: info at wtovn dot com Assigned:
Status: Not a bug Package: *Encryption and hash functions
PHP Version: 5.3SVN-2010-10-05 (snap) OS: WIN32
Private report: No CVE-ID: None
View Add Comment Developer Edit
Anyone can comment on a bug. Have a simpler test case? Does it work for you on a different platform? Let us know!
Just going to say 'Me too!'? Don't clutter the database with that please !
Your email address:
MUST BE VALID
Solve the problem:
48 - 23 = ?
Subscribe to this entry?

 
 [2010-10-05 06:24 UTC] info at wtovn dot com 
Description:
------------
the mcrypt_encrypt and mcrypt_decrypt functions are not accurate working. 
please see script below.

Test script:
---------------
    $data = "Cộng hòa xã hội chủ nghĩa việt nam, độc lập tự do hạnh phúc";   
    $iv_size = mcrypt_get_iv_size(MCRYPT_3DES, MCRYPT_MODE_ECB);   
    $iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);   
    $key = "01";
    $crypttext = mcrypt_encrypt(MCRYPT_3DES, $key, $data, MCRYPT_MODE_ECB, $iv);   
    $key = "10";   
    $decrypt = mcrypt_decrypt (MCRYPT_3DES, $key , $crypttext , MCRYPT_MODE_ECB, $iv) ;  


then result are :

    $data = $decrypt ????

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2010-10-13 04:01 UTC] uramihsayibok at gmail dot com 
Not a bug. It's due to the nature of DES.

The least significant bit of each byte in the key is NOT USED, and the only difference between the characters '0' and '1' is that least significant bit. You can see the same behavior swapping 'B' and 'C', 'P' and 'Q', and 'x' and 'y' (to give some examples). Generically, any even-numbered ASCII character can be swapped with its n+1 neighbor, and vice versa.

Separately: ECB mode does not use IVs so $iv is pointless.
 [2010-10-13 12:44 UTC] derick@php.net
-Status: Open +Status: Bogus
 [2010-10-13 12:44 UTC] derick@php.net 
Thank you for taking the time to write to us, but this is not
a bug. Please double-check the documentation available at
http://www.php.net/manual/ and the instructions on how to report
a bug at http://bugs.php.net/how-to-report.php

Thanks for the explanation uramihsayibok; I did not know this.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Fri Apr 19 17:01:30 2024 UTC