Jump to content

Encryption Issue


AndrewM16921
 Share

Recommended Posts

I'm trying to write a little password encryption tool (mostly as a learning experience - but I may end up using it too :P). And the encryption and decryption functions I wrote seem to work just fine (see crypt_test.php below). But, for some reason when I try to decrypt a result from a MySql database it doesn't seem to work (see db.php below). Not sure if it's some sort of weird data type issue? Or something else entirely. Code is below... maybe somebody can point me in the right direction. :/
Edit: Seems the encryption function creates a whole different string each execution, which is why the test worked but the db stuff doesn't. Guessing it has something to do with MCRYPT_RAND... help still appreciated though.
Thanks ahead of time.
crypt.php
<?php  function encrypt($s)  {    $key = pack('H*', "-"); //took out keys for forum post    $key_size =  strlen($key);    $iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC);    $iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);    $s_utf8 = utf8_encode($s);    $cipher = mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $key, $s_utf8, MCRYPT_MODE_CBC, $iv);    $cipher = $iv . $cipher;    $cipher_base64 = base64_encode($cipher);    return $cipher_base64;  }  function decrypt($s)  {    $key = pack('H*', "-"); //took out keys for forum post    $key_size =  strlen($key);    $iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC);    $iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);    $cipher_dec = base64_decode($s);    $iv_dec = substr($cipher_dec, 0, $iv_size);    $cipher_dec = substr($cipher_dec, $iv_size);    $decipher_utf8 = mcrypt_decrypt(MCRYPT_RIJNDAEL_128, $key,  $cipher_dec, MCRYPT_MODE_CBC, $iv_dec);    $decipher_utf8 = str_replace("0", "", $decipher_utf8);    return $decipher_utf8;  }?>
crypt_test.php
<?php  include('crypt.php');  $p = "password";  $c = encrypt($p);  $d = decrypt($c);  echo $p.'<br />';  echo $c.'<br />';  echo $d.'<br />'; //works just fine?>
db.php
<?php  include_once('crypt.php');    function connect()  {    $con = mysql_connect('-', '-', '-');    if(!$con)      die('Could not connect: ' . mysql_error());    mysql_select_db('-', $con);  }  function login($user, $pass)  {    connect();    $user = mysql_real_escape_string($user);    $pass = mysql_real_escape_string($pass);    $sql = "SELECT uid, password FROM Accounts WHERE username='$user'";    $result = mysql_query($sql);    if($row = mysql_fetch_array($result))    {      echo $pass . " : ";      echo $row['password'] . " : ";      echo decrypt($row['password']); //garbled nonsense            if($pass == decrypt($row['password']))        return $row['uid'];    }    return -1;  }    function register($user, $pass, $email)  {    connect();    $user = mysql_real_escape_string($user);    $pass = mysql_real_escape_string($pass);    $pass = encrypt($pass);    $email = mysql_real_escape_string($email);        $sql = "INSERT INTO Accounts (username, password, email) VALUES ('$user', '$pass', '$email')";    mysql_query($sql);  }?>
Edited by AndrewM16921
  • Like 1
Link to comment
Share on other sites

It's probably because you're combining the initializing vector with the result of the encryption. You don't need to save the initialization vector or use the same one when you decrypt, it's just to provide a random seed. You don't need to know the original initialization vector to decrypt the text.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...