From: [EMAIL PROTECTED] Operating system: linux PHP version: 4.2.0 PHP Bug Type: mcrypt related Bug description: mcrypt_create_iv troubles
Here is the basic problem I have noticed: My functions to encrypt/decrypt, following (atleast in my opinion) the documentation: and are included at the bottom of this bug report. Quoting Mcrypt: "You must (in CFB and OFB mode) or can (in CBC mode) supply an initialization vector (IV) to the respective cipher function. The IV must be unique and must be the same when decrypting/encrypting." However there is a problem: mcrypt_create_iv (99.9% of the time) will never produce the same $iv you started with, with its current options. Which means: you can never decrypt with the same IV, unless you save this IV somewhere along with your encrypted text, but I think that would be quite silly :) My suggestion: Allow a user to input an optional argument for mcrypt_create_iv() which is something that they can call upon on _both_ the encrypting and decrypting. Two examples off the top of my head that would work, would be an md5 of a file, or md5 of the actual keyphrase (the latter probably being the eaiest and most robust). Then have mycrypt_create_iv() 'pad' or whatever the hell it does :) the rest of the IV (because if I try to use md5($key) as my $iv, it says the lengths don't match) in so much as it would pad identically on both encrypting/decrypting when called with the same third parameter. either way, I've yet to see my encryption/decryption with mcrypt work with an IV, and if you can point out what i'm doing, i'll be more than happy to pass the information along to the many people i've talked to who tried but couldn't ever get a decrypt out of an encrypt using this method. cheers, kyle -- snippet -- function encrypt($key, $plain_text) { // returns encrypted text // incoming: should be the $key that was encrypt // with and the $plain_text that wants to be encrypted $plain_text = trim($plain_text); $iv = mcrypt_create_iv (mcrypt_get_iv_size (MCRYPT_CAST_256,MCRYPT_MODE_CFB), MCRYPT_DEV_RANDOM); $c_t = mcrypt_cfb (MCRYPT_CAST_256, $key, $plain_text, MCRYPT_ENCRYPT, $iv); return trim(chop(base64_encode($c_t))); } function decrypt($key, $c_t) { // incoming: should be the $key that you encrypted // with and the $c_t (encrypted text) // returns plain text // decode it first :) $c_t = trim(chop(base64_decode($c_t))); $iv = mcrypt_create_iv (mcrypt_get_iv_size (MCRYPT_CAST_256,MCRYPT_MODE_CFB), MCRYPT_DEV_RANDOM); $p_t = mcrypt_cfb (MCRYPT_CAST_256, $key, $c_t, MCRYPT_DECRYPT, $iv); return trim(chop($p_t)); } -- Edit bug report at http://bugs.php.net/?id=16674&edit=1 -- Fixed in CVS: http://bugs.php.net/fix.php?id=16674&r=fixedcvs Fixed in release: http://bugs.php.net/fix.php?id=16674&r=alreadyfixed Need backtrace: http://bugs.php.net/fix.php?id=16674&r=needtrace Try newer version: http://bugs.php.net/fix.php?id=16674&r=oldversion Not developer issue: http://bugs.php.net/fix.php?id=16674&r=support Expected behavior: http://bugs.php.net/fix.php?id=16674&r=notwrong Not enough info: http://bugs.php.net/fix.php?id=16674&r=notenoughinfo Submitted twice: http://bugs.php.net/fix.php?id=16674&r=submittedtwice