Hi Paul, > > If one has multiple samples of encrypted emails, it's likely that the > several > > of the samples will end using the same cipher text, as many people end > their > > emails with a consistent signature. This repeated cipher text improves > the > > ability of those trying to attack (decrypt the message.) Hence, most > > professionals recommend avoiding ECB mode. > > Well, bcrypt mentions CBC in the (brief) documentation, but the C code > contains a couple of tables, one containing probably 1024 32-bit long > integer values. Based on your description, that sounds like ECB, right? > I provided the description of ECB merely to provide a general theoretical understanding of ECB (i.e., there is a one-to-one correspondence between any chunk of plaintext and any resulting ciphertext that is always the same.) However, in practical terms, tables you see in code usually have to do with S-boxes, or some other type of the implementation. So, seeing tables in the implementation code gives you no more info as to the mode. > > Bcrypt doesn't all the specification of what mode enc/dec is done in. > That is, I can't specify to the program ECB, CBC or other. > Sounds likely, given the goal for portability. > > Also, according to the docs for bcrypt, it hashes your password out to > he maximum size for the cipher (448 bytes?). This sounds like an > implementation-specific decision which may not be echoed by PHP's mcrypt > functions. Does that sound reasonable? > > You'll have to match the hashing process to generate your key. > > > > Now, looking at your PHP code, I see that it appears your mixing and > matching > > some of the families of calls in ways that might lead to unexpected > results. > > Try the below: > > > > $ciphertext = mcrypt_encrypt( > > $cipher = MCRYPT_BLOWFISH, > > $key, > > $plaintext, > > $mode = 'cbc', // I just tossed this in as an example, but you should > match > > the mode bcrypt is using > > $iv = 'use only once, sometimes a count, or a date' // needed for > > decryption, too, although it doesn't have to remain a secret. > > ); > > Another point: my code above is actually from a post by someone else on > this list. Now, the iv above is based on a random number. If I encrypt > the file on Monday, and then attempt to decrypt it on Tuesday using a > different (random-number-based) iv, will the file decrypt properly? > NO, if you're using a mode other than ECB. If you're using CBC or some other mode that utilizes the IV, the same IV must be used for encryption AND decryption. However, when using ECB, the IV isn't used, so it wouldn't matter (if you pass in an IV, it's just ignored.) The IV is used to make sure no two plaintexts will be represented by the same cipher texts, and must be shared between those wishing to encrypt and decrypt the message. However, it doesn't have to kept secret. > > Paul > > -- > Paul M. Foster > Sounds like you're making progress :) I'm busy today (off to the doctor for a bum knee), but I'll probably look through bcrypt later this week just to better understand its implementation (that is to say, sorry I don't have more implementation details of that particular encryption scheme right now, but maybe later.) Adam -- Nephtali: PHP web framework that functions beautifully http://nephtaliproject.com
