www.webdeveloper.com
Results 1 to 8 of 8

Thread: Problem with mcrypt_decrypt

  1. #1
    Join Date
    Jun 2006
    Location
    Under your bed
    Posts
    357

    Problem with mcrypt_decrypt

    PHP Code:
    $key='some secret key here';

    if (empty(
    $_COOKIE['username']))
    {
        
    $username='someuser';
        
    $encrypted_username=mcrypt_ecb(MCRYPT_3DES$key$usernameMCRYPT_ENCRYPT);
        
    setcookie('username'"$encrypted_username"time()+60*60*24*30'/');
        print 
    'Cookie created.';
    }
    elseif (isset(
    $_COOKIE['username']))
    {
       
    $username_decrypted=mcrypt_decrypt(MCRYPT_3DES$key$_COOKIE['username'], MCRYPT_DECRYPT);
        print 
    'You are logged in as '.$username_decrypted;

    This is what I get when I load the page after the cookie was created:
    Warning: mcrypt_decrypt() [function.mcrypt-decrypt]: Module initialization failed in C:\xampp\htdocs\xampp\phptest.php on line 14
    You are logged in as
    It's supposed to just say, "You are logged in as someuser."

    Edit: By the way, I verified that it was encrypting and making the cookie.
    Last edited by evenstar7139; 02-06-2012 at 01:05 PM.
    The better I get at programming, the more I appreciate arrays. Handy dandy things they are.

  2. #2
    Join Date
    Jul 2003
    Location
    The City of Roses
    Posts
    2,503
    PHP has certain functions that are meant to be used together, such as mcrypt_decrypt and mcrypt_encrypt. You're using mcrypt_decrypt, but for encryption, you're instead using mcrypt_ecb.

    You're also passing incorrect arguments to mcrypt_decrypt. The mode argument needs to be one of MCRYPT_MODE_ECB, MCRYPT_MODE_CBC, MCRYPT_MODE_CFB, etc. The standard choice is CBC. Use that unless you have a good reason to choose differently.
    for(split(//,'))*))91:+9.*4:1A1+9,1))2*:..)))2*:31.-1)4131)1))2*:3)"'))
    {for(ord){$i+=$_&7;grep(vec($s,$i++,1)=1,1..($_>>3)-4);}}print"$s\n";

  3. #3
    Join Date
    Jun 2006
    Location
    Under your bed
    Posts
    357
    Okay I changed the code to this:

    PHP Code:
    $key='some secret key here';

    if (empty(
    $_COOKIE['username']))
    {
       
    $username='someuser';
       
    $iv_size mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256MCRYPT_MODE_ECB);
       
    $iv mcrypt_create_iv($iv_sizeMCRYPT_RAND);
       
    $encrypted_username=mcrypt_encrypt(MCRYPT_RIJNDAEL_256$key$usernameMCRYPT_MODE_ECB$iv);
       
    setcookie('username'"$encrypted_username"time()+60*60*24*30'/');
       print 
    'Cookie created.';
    }
    elseif (isset(
    $_COOKIE['username']))
    {
       
    $username_decrypted=mcrypt_decrypt(MCRYPT_3DES$key$_COOKIE['username'], MCRYPT_MODE_CBC);
       print 
    'You are logged in as '.$username_decrypted;

    And now I'm getting this when I load the page after cookie creation:
    Warning: mcrypt_decrypt() [function.mcrypt-decrypt]: Attempt to use an empty IV, which is NOT recommend in C:\xampp\htdocs\xampp\phptest.php on line 15
    You are logged in as D'TtNeNJ5-r]#P:fK
    The better I get at programming, the more I appreciate arrays. Handy dandy things they are.

  4. #4
    Join Date
    Jul 2003
    Location
    The City of Roses
    Posts
    2,503
    Couple problems going on here.

    You're encrypting with MCRYPT_RIJNDAEL_256 and MCRYPT_MODE_ECB, but decrypting with MCRYPT_3DES and MCRYPT_MODE_CBC. And for the IV... the same IV you use during encryption must also be used during decryption. So if you're going to generate a random IV, then you'll need to save the IV in the cookie so you can reuse it during decryption.
    for(split(//,'))*))91:+9.*4:1A1+9,1))2*:..)))2*:31.-1)4131)1))2*:3)"'))
    {for(ord){$i+=$_&7;grep(vec($s,$i++,1)=1,1..($_>>3)-4);}}print"$s\n";

  5. #5
    Join Date
    Jun 2006
    Location
    Under your bed
    Posts
    357
    Thanks for your help so far. I have (I think) just one more question.

    PHP Code:
    $key='a secret key here';
    if (empty(
    $_COOKIE['username']))
    {
       
    $username='someuser';
       
    $encrypted_username=mcrypt_encrypt(MCRYPT_3DES$key$encrypted_usernameMCRYPT_MODE_CBC0);
       
    setcookie('username'"$encrypted_username"time()+60*60*24*30'/');
       print 
    "Cookie created: $encrypted_username";
    }
    elseif (isset(
    $_COOKIE['username']))
    {
       
    $username_decrypted=mcrypt_decrypt(MCRYPT_3DES$key$_COOKIE['username'], MCRYPT_MODE_CBC0);
       print 
    'Username encrypted: '.$_COOKIE['username']." || Username decrypted: $username_decrypted";

    I wonder why I'm getting this error when mcrypt_encrypt is called:
    Warning: mcrypt_encrypt() [function.mcrypt-encrypt]: The IV parameter must be as long as the blocksize in C:\xampp\htdocs\xampp\phptest.php on line 8
    and this error when mcrypt_decrypt is called:

    Warning: mcrypt_decrypt() [function.mcrypt-decrypt]: The IV parameter must be as long as the blocksize in C:\xampp\htdocs\xampp\phptest.php on line 14
    The better I get at programming, the more I appreciate arrays. Handy dandy things they are.

  6. #6
    Join Date
    Jul 2003
    Location
    The City of Roses
    Posts
    2,503
    The IV needs to be a specific size, which may be different for each encryption algorithm. If you want an IV of all 0 bytes, here's what you'll need to do.

    $ivSize = 8; // I *think* this is 3DES's IV size
    $iv = str_repeat("\0", $ivSize);

    Ideally we would use mcrypt_enc_get_iv_size, but to do that, we'd have to use a whole other set of mcrypt functions.
    for(split(//,'))*))91:+9.*4:1A1+9,1))2*:..)))2*:31.-1)4131)1))2*:3)"'))
    {for(ord){$i+=$_&7;grep(vec($s,$i++,1)=1,1..($_>>3)-4);}}print"$s\n";

  7. #7
    Join Date
    Jun 2006
    Location
    Under your bed
    Posts
    357
    Does the IV size have anything to do with the length of the string that is being encrypted?
    The better I get at programming, the more I appreciate arrays. Handy dandy things they are.

  8. #8
    Join Date
    Jul 2003
    Location
    The City of Roses
    Posts
    2,503
    Nope. The size of the IV is tied to the cipher algorithm.
    for(split(//,'))*))91:+9.*4:1A1+9,1))2*:..)))2*:31.-1)4131)1))2*:3)"'))
    {for(ord){$i+=$_&7;grep(vec($s,$i++,1)=1,1..($_>>3)-4);}}print"$s\n";

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
HTML5 Development Center



Recent Articles