www.webdeveloper.com
+ Reply to Thread
Results 1 to 8 of 8
  1. 02-06-2012 12:49 PM #1
    evenstar7139's Avatar
    evenstar7139
    evenstar7139 is offline Chick Programmer!
    Join Date
    Jun 2006
    Location
    Under your bed
    Posts
    356

    Problem with mcrypt_decrypt

    PHP Code:
    $key='some secret key here';

    if (empty(    $_COOKIE['username']))
    {
            $username='someuser';
            $encrypted_username=mcrypt_ecb(MCRYPT_3DES$key$usernameMCRYPT_ENCRYPT);
            setcookie('username'"$encrypted_username"time()+60*60*24*30'/');
        print     'Cookie created.';
    }
    elseif (isset(    $_COOKIE['username']))
    {
           $username_decrypted=mcrypt_decrypt(MCRYPT_3DES$key$_COOKIE['username'], MCRYPT_DECRYPT);
        print     'You are logged in as '.$username_decrypted;
    This is what I get when I load the page after the cookie was created:
    Warning: mcrypt_decrypt() [function.mcrypt-decrypt]: Module initialization failed in C:\xampp\htdocs\xampp\phptest.php on line 14
    You are logged in as
    It's supposed to just say, "You are logged in as someuser."

    Edit: By the way, I verified that it was encrypting and making the cookie.
    Last edited by evenstar7139; 02-06-2012 at 01:05 PM.
    The better I get at programming, the more I appreciate arrays. Handy dandy things they are.
    Reply With Quote Reply With Quote
  2. 02-06-2012 01:18 PM #2
    Jeff Mott's Avatar
    Jeff Mott
    Jeff Mott is offline Super Moderator
    Join Date
    Jul 2003
    Location
    The City of Roses
    Posts
    2,498
    PHP has certain functions that are meant to be used together, such as mcrypt_decrypt and mcrypt_encrypt. You're using mcrypt_decrypt, but for encryption, you're instead using mcrypt_ecb.

    You're also passing incorrect arguments to mcrypt_decrypt. The mode argument needs to be one of MCRYPT_MODE_ECB, MCRYPT_MODE_CBC, MCRYPT_MODE_CFB, etc. The standard choice is CBC. Use that unless you have a good reason to choose differently.
    for(split(//,'))*))91:+9.*4:1A1+9,1))2*:..)))2*:31.-1)4131)1))2*:3)"'))
    {for(ord){$i+=$_&7;grep(vec($s,$i++,1)=1,1..($_>>3)-4);}}print"$s\n";
    Reply With Quote Reply With Quote
  3. 02-06-2012 01:36 PM #3
    evenstar7139's Avatar
    evenstar7139
    evenstar7139 is offline Chick Programmer!
    Join Date
    Jun 2006
    Location
    Under your bed
    Posts
    356
    Okay I changed the code to this:

    PHP Code:
    $key='some secret key here';

    if (empty(    $_COOKIE['username']))
    {
           $username='someuser';
           $iv_size mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256MCRYPT_MODE_ECB);
           $iv mcrypt_create_iv($iv_sizeMCRYPT_RAND);
           $encrypted_username=mcrypt_encrypt(MCRYPT_RIJNDAEL_256$key$usernameMCRYPT_MODE_ECB$iv);
           setcookie('username'"$encrypted_username"time()+60*60*24*30'/');
       print     'Cookie created.';
    }
    elseif (isset(    $_COOKIE['username']))
    {
           $username_decrypted=mcrypt_decrypt(MCRYPT_3DES$key$_COOKIE['username'], MCRYPT_MODE_CBC);
       print     'You are logged in as '.$username_decrypted;

    And now I'm getting this when I load the page after cookie creation:
    Warning: mcrypt_decrypt() [function.mcrypt-decrypt]: Attempt to use an empty IV, which is NOT recommend in C:\xampp\htdocs\xampp\phptest.php on line 15
    You are logged in as ‚Dî'üTtNeýNJ5-ró]#P:fÁø†K
    The better I get at programming, the more I appreciate arrays. Handy dandy things they are.
    Reply With Quote Reply With Quote
  4. 02-06-2012 02:06 PM #4
    Jeff Mott's Avatar
    Jeff Mott
    Jeff Mott is offline Super Moderator
    Join Date
    Jul 2003
    Location
    The City of Roses
    Posts
    2,498
    Couple problems going on here.

    You're encrypting with MCRYPT_RIJNDAEL_256 and MCRYPT_MODE_ECB, but decrypting with MCRYPT_3DES and MCRYPT_MODE_CBC. And for the IV... the same IV you use during encryption must also be used during decryption. So if you're going to generate a random IV, then you'll need to save the IV in the cookie so you can reuse it during decryption.
    for(split(//,'))*))91:+9.*4:1A1+9,1))2*:..)))2*:31.-1)4131)1))2*:3)"'))
    {for(ord){$i+=$_&7;grep(vec($s,$i++,1)=1,1..($_>>3)-4);}}print"$s\n";
    Reply With Quote Reply With Quote
  5. 02-06-2012 04:59 PM #5
    evenstar7139's Avatar
    evenstar7139
    evenstar7139 is offline Chick Programmer!
    Join Date
    Jun 2006
    Location
    Under your bed
    Posts
    356
    Thanks for your help so far. I have (I think) just one more question.

    PHP Code:
    $key='a secret key here';
    if (empty(    $_COOKIE['username']))
    {
           $username='someuser';
           $encrypted_username=mcrypt_encrypt(MCRYPT_3DES$key$encrypted_usernameMCRYPT_MODE_CBC0);
           setcookie('username'"$encrypted_username"time()+60*60*24*30'/');
       print     "Cookie created: $encrypted_username";
    }
    elseif (isset(    $_COOKIE['username']))
    {
           $username_decrypted=mcrypt_decrypt(MCRYPT_3DES$key$_COOKIE['username'], MCRYPT_MODE_CBC0);
       print     'Username encrypted: '.$_COOKIE['username']." || Username decrypted: $username_decrypted";

    I wonder why I'm getting this error when mcrypt_encrypt is called:
    Warning: mcrypt_encrypt() [function.mcrypt-encrypt]: The IV parameter must be as long as the blocksize in C:\xampp\htdocs\xampp\phptest.php on line 8
    and this error when mcrypt_decrypt is called:

    Warning: mcrypt_decrypt() [function.mcrypt-decrypt]: The IV parameter must be as long as the blocksize in C:\xampp\htdocs\xampp\phptest.php on line 14
    The better I get at programming, the more I appreciate arrays. Handy dandy things they are.
    Reply With Quote Reply With Quote
  6. 02-06-2012 05:37 PM #6
    Jeff Mott's Avatar
    Jeff Mott
    Jeff Mott is offline Super Moderator
    Join Date
    Jul 2003
    Location
    The City of Roses
    Posts
    2,498
    The IV needs to be a specific size, which may be different for each encryption algorithm. If you want an IV of all 0 bytes, here's what you'll need to do.

    $ivSize = 8; // I *think* this is 3DES's IV size
    $iv = str_repeat("\0", $ivSize);

    Ideally we would use mcrypt_enc_get_iv_size, but to do that, we'd have to use a whole other set of mcrypt functions.
    for(split(//,'))*))91:+9.*4:1A1+9,1))2*:..)))2*:31.-1)4131)1))2*:3)"'))
    {for(ord){$i+=$_&7;grep(vec($s,$i++,1)=1,1..($_>>3)-4);}}print"$s\n";
    Reply With Quote Reply With Quote
  7. 02-06-2012 07:38 PM #7
    evenstar7139's Avatar
    evenstar7139
    evenstar7139 is offline Chick Programmer!
    Join Date
    Jun 2006
    Location
    Under your bed
    Posts
    356
    Does the IV size have anything to do with the length of the string that is being encrypted?
    The better I get at programming, the more I appreciate arrays. Handy dandy things they are.
    Reply With Quote Reply With Quote
  8. 02-06-2012 08:06 PM #8
    Jeff Mott's Avatar
    Jeff Mott
    Jeff Mott is offline Super Moderator
    Join Date
    Jul 2003
    Location
    The City of Roses
    Posts
    2,498
    Nope. The size of the IV is tied to the cipher algorithm.
    for(split(//,'))*))91:+9.*4:1A1+9,1))2*:..)))2*:31.-1)4131)1))2*:3)"'))
    {for(ord){$i+=$_&7;grep(vec($s,$i++,1)=1,1..($_>>3)-4);}}print"$s\n";
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

     

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts

Forum Rules

 HTML5 Development Center



Recent Articles