Re: Studying mcrypt

On Wed, 2011-08-03 at 15:35 -0400, Alex Nikitin wrote:

> On Wed, Aug 3, 2011 at 3:08 PM, Ashley Sheridan <ash@xxxxxxxxxxxxxxxxxxxx> wrote:
> 
> > On Wed, 2011-08-03 at 22:02 +0300, Andre Polykanine wrote:
> >
> > Hello Alex,
> >
> >         Thanks for the tip. I'm not storing it in the database (you see, it's "asdfasdf" and the key string is "secret key"), I'm just studying mcrypt's possibilities :-).
> >
> > --
> > With best regards from Ukraine,
> > Andre
> > Skype: Francophile
> > My blog: http://oire.org/menelion (mostly in Russian)
> > Twitter: http://twitter.com/m_elensule
> > Facebook: http://facebook.com/menelion
> >
> > ------------ Original message ------------
> > From: Alex Nikitin <niksoft@xxxxxxxxx>
> > To: Andre Polykanine
> > Date created: , 9:27:42 PM
> > Subject:  Studying mcrypt
> >
> >
> >       Yes, since it's trying to represent in characters some purely binary data,
> > it is not unlikely that you will get VERY weird characters (and you do).
> >
> > Also you shouldn't actually encrypt passwords, the proper way to store them
> > is hashed, so that if someone grabs your database, they don't have your
> > passwords, even if they have the "key".
> >
> > Best way to check is to decrypt it and verify...
> >
> > --
> > The trouble with programmers is that you can never tell what a programmer is
> > doing until it’s too late.  ~Seymour Cray
> >
> >
> >
> > On Wed, Aug 3, 2011 at 12:40 PM, Andre Polykanine <andre@xxxxxxxx> wrote:
> >
> > > Hello Php,
> > >
> > >  It's my first time using mcrypt.
> > > I've done everything like it's written in the php manuals, here is the
> > > code:
> > >
> > > <?php
> > > $d=mcrypt_module_open("rijndael-256", "", "ofb", "");
> > > $iv=mcrypt_create_iv(mcrypt_enc_get_iv_size($d), MCRYPT_DEV_RANDOM);
> > > $ks=mcrypt_enc_get_key_size($d);
> > > $key=substr(md5("Secret key"), 0, $ks);
> > > mcrypt_generic_init($d, $key, $iv);
> > > $cpass=mcrypt_generic($d, $_POST['opass']);
> > > mcrypt_generic_deinit($d);
> > > mcrypt_module_close($d);
> > > ?>
> > >
> > > And here's what I get:
> > > Original password: asdfasdfasdf
> > > Encrypted password: Q�  j�����*
> > >
> > > Question: Is it normal to have such strange characters in the encrypted
> > > string?
> > > I'm hosted at http://godaddy.com/, shared hosting, if it does matter.
> > > Thanks!
> > >
> > > --
> > > With best regards from Ukraine,
> > > Andre
> > > Skype: Francophile
> > > Twitter: http://twitter.com/m_elensule
> > > Facebook: http://facebook.com/menelion
> > >
> > >
> > > --
> > > PHP General Mailing List (http://www.php.net/)
> > > To unsubscribe, visit: http://www.php.net/unsub.php
> > >
> > >
> >
> >
> >
> >
> > Please don't top-post :)
> >
> > You can use base64_encode() on it to convert it into something that's
> > printable and storable in the DB without having to resort to a binary blob.
> >
> >
> >   --
> > Thanks,
> > Ash
> > http://www.ashleysheridan.co.uk
> >
> >
> >
> Isn't that a bit counterproductive though, storing it in binary?
> 
> Purely storage-related:
> Say we are storing a 128-byte result of encryption.
> Storing it in a varbin would mean that you would use up 128+1 bytes of
> storage, whereas if you were to base64 encode it, data length would be 170
> or so bytes, +1 byte or 171 bytes...  42 bytes difference...
> 
> 
> This was a crypto class I wrote for something, I can't even recall exactly
> what project it was for, it is making its way into the framework, but for
> now, I've changed it to be "normal" again
> 
> Hopefully it should be pretty straightforward:
> 
> http://pastebin.com/TFn468dM
> 
> --
> The trouble with programmers is that you can never tell what a programmer is
> doing until it’s too late.  ~Seymour Cray


The beauty of encoding something into base64 is that you can then easily
move that data around to systems that can't handle binary. You can pass
a base64 image down to the browser to display, without requiring a
second script to create the image used in the <img> tag. JavaScript can
manipulate base64 data, making it an alternative to JSON where JSON won't
work. Command line environments won't be able to deal with binary
arguments, but base64 is fine. It all depends on what you want to do
with it at the end of the day.
-- 
Thanks,
Ash
http://www.ashleysheridan.co.uk
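
An added example, not part of any message in this thread: it encrypts the thread's sample password, carries the binary result as base64, checks it by decrypting, measures the encoding overhead on a 128-byte value, and shows hashing as the password-storage alternative. It assumes PHP 7.1+ with the OpenSSL extension and uses AES-256-GCM in place of the since-removed mcrypt extension; `seal()` and `unseal()` are hypothetical helper names and the key is a constructed sample.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: encrypt, then return base64(nonce | tag | ciphertext).
function seal(string $plaintext, string $key): string
{
    $nonce = random_bytes(12);                 // 96-bit GCM nonce, fresh per message
    $tag = '';
    $raw = openssl_encrypt($plaintext, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $nonce, $tag);
    if ($raw === false) {
        throw new RuntimeException('encryption failed');
    }
    return base64_encode($nonce . $tag . $raw); // printable, safe for text columns
}

// Hypothetical helper: reverse of seal(); fails if the token was altered.
function unseal(string $token, string $key): string
{
    $bin = base64_decode($token, true);        // strict mode rejects stray characters
    if ($bin === false || strlen($bin) < 28) { // 12-byte nonce + 16-byte tag
        throw new InvalidArgumentException('malformed token');
    }
    $plain = openssl_decrypt(substr($bin, 28), 'aes-256-gcm', $key,
        OPENSSL_RAW_DATA, substr($bin, 0, 12), substr($bin, 12, 16));
    if ($plain === false) {
        throw new RuntimeException('authentication failed');
    }
    return $plain;
}

$key = random_bytes(32);                       // constructed sample key, not a real secret
$token = seal('asdfasdfasdf', $key);
printf("printable token: %s\n", $token);
printf("round trip ok:   %s\n", var_export(unseal($token, $key) === 'asdfasdfasdf', true));

// Storage cost raised in the thread: n raw bytes become 4 * ceil(n / 3) base64 characters.
$blob = random_bytes(128);
printf("raw %d bytes, base64 %d, hex %d\n",
    strlen($blob), strlen(base64_encode($blob)), strlen(bin2hex($blob)));

// Passwords are hashed rather than encrypted: there is no key that recovers them.
$hash = password_hash('asdfasdfasdf', PASSWORD_DEFAULT);
printf("verify correct: %s, verify wrong: %s\n",
    var_export(password_verify('asdfasdfasdf', $hash), true),
    var_export(password_verify('wrong', $hash), true));
```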


