Re: Studying mcrypt

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, Aug 3, 2011 at 3:08 PM, Ashley Sheridan <ash@xxxxxxxxxxxxxxxxxxxx>wrote:

> **
> On Wed, 2011-08-03 at 22:02 +0300, Andre Polykanine wrote:
>
> Hello Alex,
>
>         Thanks for the tip. I'm not storing it in the database (you see, it's "asdfasdf" and the key string is "secret key"), I'm just studying mcrypt's possibilities :-).
>
> --
> With best regards from Ukraine,
> Andre
> Skype: Francophile
> My blog: http://oire.org/menelion (mostly in Russian)
> Twitter: http://twitter.com/m_elensule
> Facebook: http://facebook.com/menelion
>
> ------------ Original message ------------
> From: Alex Nikitin <niksoft@xxxxxxxxx>
> To: Andre Polykanine
> Date created: , 9:27:42 PM
> Subject:  Studying mcrypt
>
>
>       Yes, since it's trying to represent in characters some purely binary data,
> it is not unlikely that you will get VERY weird characters (and you do).
>
> Also you shouldn't actually encrypt passwords, the proper way to store them
> is hashed, so that if someone grabs your database, they dont have your
> passwords, even if they have the "key".
>
> Best way to check is to decrypt it and verify...
>
> --
> The trouble with programmers is that you can never tell what a programmer is
> doing until it’s too late.  ~Seymour Cray
>
>
>
> On Wed, Aug 3, 2011 at 12:40 PM, Andre Polykanine <andre@xxxxxxxx> wrote:
>
> > Hello Php,
> >
> >  It's my first time I use mcrypt.
> > I've done everything like it's written in the php manuals, here is the
> > code:
> >
> > <?php
> > $d=mcrypt_module_open("rijndael-256", "", "ofb", "");
> > $iv=mcrypt_create_iv(mcrypt_enc_get_iv_size($d), MCRYPT_DEV_RANDOM);
> > $ks=mcrypt_enc_get_key_size($d);
> > $key=substr(md5("Secret key"), 0, $ks);
> > mcrypt_generic_init($d, $key, $iv);
> > $cpass=mcrypt_generic($d, $_POST['opass']);
> > mcrypt_generic_deinit($d);
> > mcrypt_module_close($d);
> > ?>
> >
> > And here's what I get:
> > Original password: asdfasdfasdf
> > Encrypted password: Q�  j�����*
> >
> > Question: Is it normal to have such strange characters in the encrypted
> > string?
> > I'm hosted at http://godaddy.com/, shared hosting, if it does matter.
> > Thanks!
> >
> > --
> > With best regards from Ukraine,
> > Andre
> > Skype: Francophile
> > Twitter: http://twitter.com/m_elensule
> > Facebook: http://facebook.com/menelion
> >
> >
> > --
> > PHP General Mailing List (http://www.php.net/)
> > To unsubscribe, visit: http://www.php.net/unsub.php
> >
> >
>
>
>
>
> Please don't top-post :)
>
> You can use base64_encode() on it to convert it into something that's
> printable and storable in the DB without having to resort to a binary blob
>
>
>   --
> Thanks,
> Ash
> http://www.ashleysheridan.co.uk
>
>
>
Isn't that a bit counterproductive though, storing it in binary?

Purely storage-related:
Say we are storing a 128byte result of encryption.
Storing it in a varbin would mean that you would use up 128+1 bytes of
storage, where as if you were to base64 encode it, data length would be 170
or so bytes, +1byte or 171bytes...  42 bytes difference...


This was a crypto class i wrote for something, i cant even recall exactly
what project it was for, it is making it's way into the framework, but for
now, i've changed it to be "normal" again

Hopefully it should be pretty straight forward:

http://pastebin.com/TFn468dM

--
The trouble with programmers is that you can never tell what a programmer is
doing until it’s too late.  ~Seymour Cray

[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux