Re: Studying mcrypt

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hello Alex,

        Thanks for the tip. I'm not storing it in the database (you see, it's "asdfasdf" and the key string is "secret key"), I'm just studying mcrypt's possibilities :-).

-- 
With best regards from Ukraine,
Andre
Skype: Francophile
My blog: http://oire.org/menelion (mostly in Russian)
Twitter: http://twitter.com/m_elensule
Facebook: http://facebook.com/menelion

------------ Original message ------------
From: Alex Nikitin <niksoft@xxxxxxxxx>
To: Andre Polykanine
Date created: , 9:27:42 PM
Subject:  Studying mcrypt


      Yes, since it's trying to represent in characters some purely binary data,
it is not unlikely that you will get VERY weird characters (and you do).

Also you shouldn't actually encrypt passwords, the proper way to store them
is hashed, so that if someone grabs your database, they dont have your
passwords, even if they have the "key".

Best way to check is to decrypt it and verify...

--
The trouble with programmers is that you can never tell what a programmer is
doing until it’s too late.  ~Seymour Cray



On Wed, Aug 3, 2011 at 12:40 PM, Andre Polykanine <andre@xxxxxxxx> wrote:

> Hello Php,
>
>  It's my first time I use mcrypt.
> I've done everything like it's written in the php manuals, here is the
> code:
>
> <?php
> $d=mcrypt_module_open("rijndael-256", "", "ofb", "");
> $iv=mcrypt_create_iv(mcrypt_enc_get_iv_size($d), MCRYPT_DEV_RANDOM);
> $ks=mcrypt_enc_get_key_size($d);
> $key=substr(md5("Secret key"), 0, $ks);
> mcrypt_generic_init($d, $key, $iv);
> $cpass=mcrypt_generic($d, $_POST['opass']);
> mcrypt_generic_deinit($d);
> mcrypt_module_close($d);
> ?>
>
> And here's what I get:
> Original password: asdfasdfasdf
> Encrypted password: Q�  j�����*
>
> Question: Is it normal to have such strange characters in the encrypted
> string?
> I'm hosted at http://godaddy.com/, shared hosting, if it does matter.
> Thanks!
>
> --
> With best regards from Ukraine,
> Andre
> Skype: Francophile
> Twitter: http://twitter.com/m_elensule
> Facebook: http://facebook.com/menelion
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux