On Wed, 2011-08-03 at 22:02 +0300, Andre Polykanine wrote: > Hello Alex, > > Thanks for the tip. I'm not storing it in the database (you see, it's "asdfasdf" and the key string is "secret key"), I'm just studying mcrypt's possibilities :-). > > -- > With best regards from Ukraine, > Andre > Skype: Francophile > My blog: http://oire.org/menelion (mostly in Russian) > Twitter: http://twitter.com/m_elensule > Facebook: http://facebook.com/menelion > > ------------ Original message ------------ > From: Alex Nikitin <niksoft@xxxxxxxxx> > To: Andre Polykanine > Date created: , 9:27:42 PM > Subject: Studying mcrypt > > > Yes, since it's trying to represent in characters some purely binary data, > it is not unlikely that you will get VERY weird characters (and you do). > > Also you shouldn't actually encrypt passwords, the proper way to store them > is hashed, so that if someone grabs your database, they dont have your > passwords, even if they have the "key". > > Best way to check is to decrypt it and verify... > > -- > The trouble with programmers is that you can never tell what a programmer is > doing until it’s too late. ~Seymour Cray > > > > On Wed, Aug 3, 2011 at 12:40 PM, Andre Polykanine <andre@xxxxxxxx> wrote: > > > Hello Php, > > > > It's my first time I use mcrypt. > > I've done everything like it's written in the php manuals, here is the > > code: > > > > <?php > > $d=mcrypt_module_open("rijndael-256", "", "ofb", ""); > > $iv=mcrypt_create_iv(mcrypt_enc_get_iv_size($d), MCRYPT_DEV_RANDOM); > > $ks=mcrypt_enc_get_key_size($d); > > $key=substr(md5("Secret key"), 0, $ks); > > mcrypt_generic_init($d, $key, $iv); > > $cpass=mcrypt_generic($d, $_POST['opass']); > > mcrypt_generic_deinit($d); > > mcrypt_module_close($d); > > ?> > > > > And here's what I get: > > Original password: asdfasdfasdf > > Encrypted password: Q� j�����* > > > > Question: Is it normal to have such strange characters in the encrypted > > string? > > I'm hosted at http://godaddy.com/, shared hosting, if it does matter. > > Thanks! > > > > -- > > With best regards from Ukraine, > > Andre > > Skype: Francophile > > Twitter: http://twitter.com/m_elensule > > Facebook: http://facebook.com/menelion > > > > > > -- > > PHP General Mailing List (http://www.php.net/) > > To unsubscribe, visit: http://www.php.net/unsub.php > > > > > > Please don't top-post :) You can use base64_encode() on it to convert it into something that's printable and storable in the DB without having to resort to a binary blob -- Thanks, Ash http://www.ashleysheridan.co.uk
