Re: Blowfish Encryption

On Mon, Jun 7, 2010 at 11:20 PM, Paul M Foster <paulf@xxxxxxxxxxxxxxxxx> wrote:

> I've got a file of passwords I'd like to encrypt/decrypt using blowfish.
> I'd like to be able to do so with PHP and via the command line. I have a
> Linux utility called "bcrypt" which encrypts/decrypts files using
> blowfish. And I'm using the following code under PHP to do
> encryption/decryption:
>
> $raw_data = file('junk');
> $input = implode('', $raw_data);
>
> $td = mcrypt_module_open(MCRYPT_BLOWFISH, '', MCRYPT_MODE_ECB, '');
> $iv = mcrypt_create_iv (mcrypt_enc_get_iv_size($td), MCRYPT_RAND);
> mcrypt_generic_init($td, $key, $iv);
> $encrypted_data = mcrypt_generic($td, $input);
> file_put_contents('encjunk', $encrypted_data);
> mcrypt_generic_deinit($td);
> mcrypt_module_close($td);
>
>
> Now, here's the problem. I'm using bcrypt to encrypt my junk file and
> dump it out to an encrypted file. And I'm using the above PHP code to
> encrypt the same file out to a different file. Using the same keys in
> both cases, I get different encrypted files.
>
> My logic: using the same encryption method and the same key, two
> different implementations should produce equivalent files.
>
> Yet they don't. I'm guessing that the "initialization vector" is
> different between the two implementations, resulting in the difference
> between the encrypted files.
>
> For those who know more about encryption than I do, does that sound
> right?
>
> Paul
>
> --
> Paul M. Foster
>
ECB (Electronic Code Book) mode works without an initialization vector.
Imagine having a big, thick code book, and every possible 8-letter
combination in the book.  To encrypt the message, you thumb through the book
and find the plain text "THE KIDS", and write down its cipher text
representation, "JKWSCTFI."  Easy to implement, and easy to maintain (you
don't have to make sure an IV is shared between the exchanging parties.)

If one has multiple samples of encrypted emails, it's likely that
several of the samples will end using the same cipher text, as many people
end their emails with a consistent signature.  This repeated cipher text
improves the ability of those trying to attack (decrypt the message.)
Hence, most professionals recommend avoiding ECB mode.

Now, looking at your PHP code, I see that it appears you're mixing and
matching some of the families of calls in ways that might lead to unexpected
results.  Try the below:

$ciphertext = mcrypt_encrypt(
    $cipher = MCRYPT_BLOWFISH,
    $key,
    $plaintext,
    // I just tossed this in as an example, but you should match the mode bcrypt is using
    $mode = 'cbc',
    // needed for decryption, too, although it doesn't have to remain a secret.
    $iv = 'use only once, sometimes a count, or a date'
);

Hope this helps,

Adam
-- 
Nephtali:  PHP web framework that functions beautifully
http://nephtaliproject.com
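
The ECB and IV behaviour discussed in this thread, as an added example that is not part of either message: it uses AES-128 through PHP's openssl extension as a stand-in for Blowfish (mcrypt was removed from PHP in 7.2), so the block size is 16 bytes rather than 8. It assumes PHP 7.1 or later with the openssl extension; the fixed-width password records and the helper names encrypt_blocks and repeated_blocks are constructed for illustration.

```php
<?php
// Added example, not code from the thread. AES-128 stands in for Blowfish
// (assumption: PHP 7.1+ with the openssl extension); the modes behave the same.
const BLOCK = 16; // AES block size in bytes (Blowfish uses 8)

// Encrypt and return the raw ciphertext split into cipher blocks.
function encrypt_blocks(string $plaintext, string $key, string $mode, string $iv = ''): array
{
    $ct = openssl_encrypt($plaintext, "aes-128-$mode", $key, OPENSSL_RAW_DATA, $iv);
    if ($ct === false) {
        throw new RuntimeException('encryption failed: ' . openssl_error_string());
    }
    return str_split($ct, BLOCK);
}

// Number of cipher blocks that duplicate an earlier block.
function repeated_blocks(array $blocks): int
{
    return count($blocks) - count(array_unique($blocks));
}

// Constructed sample: fixed-width password file, one cipher block per field.
$records = [['alice', 'correct-horse'], ['bob', 'tr0ub4dor&3'], ['carol', 'correct-horse']];
$plaintext = '';
foreach ($records as [$user, $pass]) {
    $plaintext .= str_pad($user, BLOCK) . str_pad($pass, BLOCK);
}

$key  = random_bytes(16);
$ecb  = encrypt_blocks($plaintext, $key, 'ecb');
$iv1  = random_bytes(BLOCK);
$iv2  = random_bytes(BLOCK);
$cbc1 = encrypt_blocks($plaintext, $key, 'cbc', $iv1);
$cbc2 = encrypt_blocks($plaintext, $key, 'cbc', $iv2);

// ECB: alice and carol share a password, so their password blocks encrypt identically.
printf("ECB repeated blocks: %d\n", repeated_blocks($ecb));
printf("ECB same key, same output: %s\n",
    $ecb === encrypt_blocks($plaintext, $key, 'ecb') ? 'yes' : 'no');
// CBC: chaining plus a fresh IV hides the repetition and changes the output per IV.
printf("CBC repeated blocks: %d\n", repeated_blocks($cbc1));
printf("CBC same key, different IV, same output: %s\n", $cbc1 === $cbc2 ? 'yes' : 'no');
// Decryption needs the same IV, which can be stored beside the ciphertext.
$back = openssl_decrypt(implode('', $cbc1), 'aes-128-cbc', $key, OPENSSL_RAW_DATA, $iv1);
printf("CBC round trip ok: %s\n", $back === $plaintext ? 'yes' : 'no');
```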
