From:             [EMAIL PROTECTED]
Operating system: linux
PHP version:      4.2.0
PHP Bug Type:     mcrypt related
Bug description:  mcrypt_create_iv troubles

Here is the basic problem I have noticed:

My functions to encrypt/decrypt follow
(at least in my opinion) the documentation,
and are included at the bottom of this bug report.

Quoting Mcrypt:

      "You must (in CFB and OFB mode) or can (in CBC mode)
       supply an initialization vector (IV) to the respective
       cipher function. The IV must be unique and must be the
       same when decrypting/encrypting."


However there is a problem:  mcrypt_create_iv (99.9% of the time)
will never produce the same $iv you started with, with its
current options.

Which means: you can never decrypt with the same IV, unless
you save this IV somewhere along with your encrypted text,
but I think that would be quite silly :)

My suggestion: Allow a user to input an optional argument
for mcrypt_create_iv() which is something that they can
call upon on _both_ the encrypting and decrypting. Two examples
off the top of my head that would work would be an md5
of a file, or an md5 of the actual keyphrase (the latter probably
being the easiest and most robust). Then have mcrypt_create_iv()
'pad' or whatever the hell it does :) the rest of the IV
(because if I try to use md5($key) as my $iv, it says
the lengths don't match) in so much as it would pad identically
on both encrypting/decrypting when called with the same third
parameter.

Either way, I've yet to see my encryption/decryption with mcrypt
work with an IV, and if you can point out what I'm doing,
I'll be more than happy to pass the information along to
the many people I've talked to who tried but couldn't ever
get a decrypt out of an encrypt using this method.

cheers,

kyle


-- snippet --

function encrypt($key, $plain_text) {
  // returns encrypted text
  // incoming: should be the $key to encrypt with
  // and the $plain_text that wants to be encrypted

  $plain_text = trim($plain_text);

  $iv = mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_CAST_256, MCRYPT_MODE_CFB), MCRYPT_DEV_RANDOM);
  $c_t = mcrypt_cfb(MCRYPT_CAST_256, $key, $plain_text, MCRYPT_ENCRYPT, $iv);

  return trim(chop(base64_encode($c_t)));
}

function decrypt($key, $c_t) {
  // incoming: should be the $key that you encrypted
  // with and the $c_t (encrypted text)
  // returns plain text

  // decode it first :) (trim the base64 text, not the decoded bytes)
  $c_t = base64_decode(trim($c_t));

  // note: this is a new random IV, not the one encrypt() used
  $iv = mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_CAST_256, MCRYPT_MODE_CFB), MCRYPT_DEV_RANDOM);
  $p_t = mcrypt_cfb(MCRYPT_CAST_256, $key, $c_t, MCRYPT_DECRYPT, $iv);

  return trim(chop($p_t));
}

-- 
Edit bug report at http://bugs.php.net/?id=16674&edit=1
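
An added example, not part of the original report or of PHP's own code: the IV is not secret, so the usual pattern is to generate it randomly when encrypting and store it in front of the ciphertext, where the decrypting side reads it back. It uses openssl_encrypt() with AES-128-CFB as a stand-in for mcrypt's CAST-256 (an assumption of this example); the function names, key and message are constructed.

```php
<?php
// Added example; AES-128-CFB via OpenSSL stands in for mcrypt CAST-256/CFB.
const CIPHER = 'aes-128-cfb';

function encrypt_with_iv(string $key, string $plain_text): string
{
    // Fresh random IV per message: it must be unique, but it is not secret.
    $iv = random_bytes(openssl_cipher_iv_length(CIPHER));
    $c_t = openssl_encrypt($plain_text, CIPHER, $key, OPENSSL_RAW_DATA, $iv);
    if ($c_t === false) {
        throw new RuntimeException('encryption failed');
    }
    // Store the IV in front of the ciphertext so decryption can read it back.
    return base64_encode($iv . $c_t);
}

function decrypt_with_iv(string $key, string $encoded): string
{
    $iv_len = openssl_cipher_iv_length(CIPHER);
    $raw = base64_decode($encoded, true);
    if ($raw === false || strlen($raw) < $iv_len) {
        throw new InvalidArgumentException('malformed ciphertext');
    }
    // Split off the stored IV; the binary data is never passed through trim().
    $iv = substr($raw, 0, $iv_len);
    $c_t = (string) substr($raw, $iv_len);
    $p_t = openssl_decrypt($c_t, CIPHER, $key, OPENSSL_RAW_DATA, $iv);
    if ($p_t === false) {
        throw new RuntimeException('decryption failed');
    }
    return $p_t;
}

// Constructed sample key and message.
$key = random_bytes(16);
$msg = 'meet at the usual place';

$a = encrypt_with_iv($key, $msg);
$b = encrypt_with_iv($key, $msg);
var_dump(decrypt_with_iv($key, $a) === $msg); // round trip with the stored IV
var_dump($a !== $b);                          // same message, different output

// Key-derived IV as proposed in the report: md5($key, true) is 16 bytes.
$fixed_iv = md5($key, true);
$c1 = openssl_encrypt($msg, CIPHER, $key, OPENSSL_RAW_DATA, $fixed_iv);
$c2 = openssl_encrypt($msg, CIPHER, $key, OPENSSL_RAW_DATA, $fixed_iv);
var_dump($c1 === $c2); // the IV repeats, so equal messages encrypt identically
```

CFB provides no integrity protection, so a stored message should also carry a MAC computed over the IV and ciphertext.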