[NF][PHP] Encryption failing

Tue, 15 Jan 2008 16:57:33 -0800 

Hey --- - -

I am in the process of upgrading the encryption technology I am using  
from (64 bit) blowfish to (256 bit) rijndael.

The code (and some explanations) is below, but the results are, um,  
unusual, and I can't see what I am doing wrong. For testing, I have a  
program that generates a random 16-character string, encrypts it to a  
variable, and decrypts it. Running it in 500 iteration loops, it  
fails roughly 4% of the time. By "fails" I mean that the original  
string and the eventual decrypted one don't match.

Anybody able to spot why?

Ken
--------------------------------------
function jagencdecr($text,$EorD,$encpass='') {
        // parameters:
        // - $text = string to be en/decrypted,
        // - $EorD = Encrypt or Decrypt
        // - $encpass = key phrase
        if (empty($text)) {return "";}
        $text = trim($text);
        $cypher = mcrypt_module_open('rijndael-256', '', 'ecb', '');
                // "ecb" mode produces the above results.
                // "ofb" mode produces 100% errors

        $size = mcrypt_enc_get_iv_size($cypher);
        $phprand = rand(1000,9999);
        $iv = mcrypt_create_iv($size,$phprand); // produces the same results  
as below, platform independent
        //$iv = mcrypt_create_iv($size,MCRYPT_RAND); // for Windows
        //$iv = mcrypt_create_iv($size,MCRYPT_DEV_RAND); // for 'NIX

        $ks = mcrypt_enc_get_key_size($cypher);
        /* Create key */
        $key = substr(md5($encpass), 0, $ks);
        mcrypt_generic_init($cypher,$key,$iv);
        if ($EorD == "D") {
                $text_out = mdecrypt_generic($cypher,$text);
        } else {
                $text_out = mcrypt_generic($cypher,$text);
        } // endif ($EorD == "D")
        mcrypt_generic_deinit($cypher);
        mcrypt_module_close($cypher);
        return trim($text_out);

}  // endfunc jagencdecr Jaguar Ecnrypt/Decrypt



_______________________________________________
Post Messages to: [email protected]
Subscription Maintenance: http://leafe.com/mailman/listinfo/profox
OT-free version of this list: http://leafe.com/mailman/listinfo/profoxtech
Searchable Archive: http://leafe.com/archives/search/profox
This message: http://leafe.com/archives/byMID/profox/[EMAIL PROTECTED]
** All postings, unless explicitly stated otherwise, are the opinions of the 
author, and do not constitute legal or medical advice. This statement is added 
to the messages for those lawyers who are too stupid to see the obvious.

Reply via email to