LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 02-07-2005, 03:38 PM   #1
lemack
LQ Newbie
 
Registered: Sep 2004
Posts: 5

Rep: Reputation: 0
php mcrypt cookie - mysql query


Edited to clarify:

I'm using the following code to encrypt and decrypt a string. It all seems to work fine until I try and compare the decrypted string with the encrypted string:

<?php
// encrypt
$secret="a string I don't want people to see";
$key="A secret key for my cipher";
echo("<BR>secret = $secret");
$iv = mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB), MCRYPT_RAND);
$cipher = mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $key, $secret, MCRYPT_MODE_ECB, $iv);
echo("<BR>cipher = $cipher");
//decrypt
$iv = mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB), MCRYPT_RAND);
$checkSecret=mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, $cipher, MCRYPT_MODE_ECB, $iv);
echo("<BR>checkSecret = $checkSecret");
if ($checkSecret==$secret) {
echo ("<br>The decrypt has worked");
} else {
echo ("<br>It failed");
}

?>

Results:

secret = a string I don't want people to see
cipher = %(`O@%%G'Mv{Md??Lp) Sل@Fm
checkSecret = a string I don't want people to see
It failed

Try it yourself and see what I mean. The strings are displayed on screen exactly as expected, but the comparison doesn't work.

Last edited by lemack; 02-08-2005 at 07:03 AM.
 
Old 02-08-2005, 09:33 AM   #2
TruckStuff
Member
 
Registered: Apr 2002
Posts: 498

Rep: Reputation: 30
I've run into this myself. Sometimes when decrypting, there are some non-blank binary characters added to the end of the string. This *may* represent itself as a box or some other odd character when the de-crypted text is displayed. I overcome this by doing a trim() on the de-crypted text, which ususally does the trick (although occasionally I've had to do something like a preg_replace('/[^a-zA-Z0-9 <whatever other valid characters> ]/', '', $decrypted_string)).

Try changing
Code:
$checkSecret=mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, $cipher, MCRYPT_MODE_ECB, $iv);
to
Code:
$checkSecret=trim(mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, $cipher, MCRYPT_MODE_ECB, $iv));
and see if that does the trick.
 
Old 02-08-2005, 10:39 AM   #3
lemack
LQ Newbie
 
Registered: Sep 2004
Posts: 5

Original Poster
Rep: Reputation: 0
TruckStuff, thanks for the advice, trim() seems to work.

However, I'm a bit concerend about your comments "(although occasionally I've had to do something like a preg_replace('/[^a-zA-Z0-9 <whatever other valid characters> ]/', '', $decrypted_string))".

Do you use the preg_replace in any specific circumstances, I'm thinking that although trim seems to work okay for the now, it might break at a later time?
 
Old 02-09-2005, 09:21 AM   #4
TruckStuff
Member
 
Registered: Apr 2002
Posts: 498

Rep: Reputation: 30
Its more a matter of data filtering/programmer preference. If trim() does the job, use it. If you want to filter the de-crypted data a little more, use preg_replace(). Neither is better than the other for this purpose, although I suppose one could make the argument that one requires a bit more horsepower than the other in a given scenario.

Btw, I think the extra data has something to do with the encryption algorythm being block-level vs. byte-level, but I'm not familiar enough with encryption to know for sure.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
php/,mysql problem: can't query JJX Linux - General 4 01-06-2005 05:10 PM
php: Why Can't I Query Mysql DB?? flamesrock Programming 7 11-16-2004 12:36 AM
php mysql variable arguments in query. ldp Linux - Software 0 10-26-2004 07:56 AM
PHP MySQL Query Question vi0lat0r Programming 1 07-15-2004 05:02 AM
Mysql/PHP query problem with datetime field. Pcghost Programming 2 11-11-2003 12:24 PM


All times are GMT -5. The time now is 09:13 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration