Bug #16674 Updated: mcrypt_create_iv troubles

2002-04-18 Thread mfischer

 ID:   16674
 Updated by:   [EMAIL PROTECTED]
 Reported By:  [EMAIL PROTECTED]
-Status:   Bogus
+Status:   Open
-Bug Type: mcrypt related
+Bug Type: Documentation problem
 Operating System: linux
 PHP Version:  4.2.0
 Assigned To:  derick
 New Comment:

Thanks for summing up Derick!

Maybe someone from the doc team is kind enough and can sum up the
complete report and add some of this to the mcrypt documentation?


Previous Comments:


[2002-04-18 03:13:29] [EMAIL PROTECTED]

This is not a bug, but even desired. The IV is only meant to give an
alternative seed to the encryption routines. This IV does not need to
be secret at all, though it can be desirable. You even can send it
along with your ciphertext without losing security.
See also:
http://www.ciphersbyritter.com/GLOSSARY.HTM#IV
http://fn2.freenet.edmonton.ab.ca/%7Ejsavard/crypto/co0409.htm

See also:
chapter 9.3 of Applied Cryptography by Schneier (ISBN 0-471-11709-9)
for a discussion of this topic

Derick



[2002-04-18 01:32:28] [EMAIL PROTECTED]

Checking this out.



[2002-04-18 01:27:30] [EMAIL PROTECTED]

Here is the basic problem I have noticed:

My functions to encrypt/decrypt, following
(at least in my opinion) the documentation:
and are included at the bottom of this bug report.

Quoting Mcrypt:

  You must (in CFB and OFB mode) or can (in CBC mode)
   supply an initialization vector (IV) to the respective
   cipher function. The IV must be unique and must be the
   same when decrypting/encrypting.


However there is a problem:  mcrypt_create_iv (99.9% of the time)
will never produce the same $iv you started with, with its
current options.

Which means: you can never decrypt with the same IV, unless
you save this IV somewhere along with your encrypted text,
but I think that would be quite silly :)

My suggestion: Allow a user to input an optional argument
for mcrypt_create_iv() which is something that they can
call upon on _both_ the encrypting and decrypting. Two examples
off the top of my head that would work, would be an md5
of a file, or md5 of the actual keyphrase (the latter probably
being the easiest and most robust). Then have mcrypt_create_iv()
'pad' or whatever the hell it does :) the rest of the IV
(because if I try to use md5($key) as my $iv, it says
the lengths don't match) in so much as it would pad identically
on both encrypting/decrypting when called with the same third
parameter.

Either way, I've yet to see my encryption/decryption with mcrypt
work with an IV, and if you can point out what I'm doing,
I'll be more than happy to pass the information along to
the many people I've talked to who tried but couldn't ever
get a decrypt out of an encrypt using this method.

cheers,

kyle


-- snippet --

function encrypt($key, $plain_text) {
  // returns encrypted text
  // incoming: should be the $key to encrypt with
  // and the $plain_text that is to be encrypted

  $plain_text = trim($plain_text);

  // a fresh random IV is generated here and is not returned to the caller
  $iv = mcrypt_create_iv(
    mcrypt_get_iv_size(MCRYPT_CAST_256, MCRYPT_MODE_CFB),
    MCRYPT_DEV_RANDOM);
  $c_t = mcrypt_cfb(MCRYPT_CAST_256, $key, $plain_text, MCRYPT_ENCRYPT, $iv);

  return trim(chop(base64_encode($c_t)));
}

function decrypt($key, $c_t) {
  // incoming: should be the $key that you encrypted
  // with and the $c_t (encrypted text)
  // returns plain text

  // decode it first :)
  // (no trim/chop on the result: the decoded ciphertext is binary and
  // may start or end with bytes that trim() would strip)
  $c_t = base64_decode($c_t);

  // a second, unrelated random IV is generated here, so it does not
  // match the one used in encrypt(): the behaviour this report describes
  $iv = mcrypt_create_iv(
    mcrypt_get_iv_size(MCRYPT_CAST_256, MCRYPT_MODE_CFB),
    MCRYPT_DEV_RANDOM);
  $p_t = mcrypt_cfb(MCRYPT_CAST_256, $key, $c_t, MCRYPT_DECRYPT, $iv);

  return trim(chop($p_t));
}





-- 
Edit this bug report at http://bugs.php.net/?id=16674&edit=1
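
Derick's comment that the IV can be sent along with the ciphertext, as an added example that is not part of the bug report or of PHP's documentation: the IV is stored in front of the ciphertext and read back on decryption. It assumes the mcrypt extension of the PHP version in the report; the function names encrypt_with_iv() and decrypt_with_iv() and the sample key are made up for illustration.

```php
<?php
// Added example (not from the bug report). Assumes the mcrypt extension
// as used in the report; function names are hypothetical.

function encrypt_with_iv($key, $plain_text) {
    $iv_size = mcrypt_get_iv_size(MCRYPT_CAST_256, MCRYPT_MODE_CFB);

    // New random IV for every message. It is unique, not secret.
    $iv  = mcrypt_create_iv($iv_size, MCRYPT_DEV_RANDOM);
    $c_t = mcrypt_cfb(MCRYPT_CAST_256, $key, $plain_text, MCRYPT_ENCRYPT, $iv);

    // Keep the IV with the ciphertext: IV first, ciphertext after it.
    // Encode only after concatenating, so the binary data is never trimmed.
    return base64_encode($iv . $c_t);
}

function decrypt_with_iv($key, $encoded) {
    $iv_size = mcrypt_get_iv_size(MCRYPT_CAST_256, MCRYPT_MODE_CFB);

    $raw = base64_decode($encoded);
    if ($raw === false || strlen($raw) <= $iv_size) {
        return false; // malformed input: no IV or no ciphertext present
    }

    // Recover the same IV that encrypt_with_iv() generated.
    $iv  = substr($raw, 0, $iv_size);
    $c_t = substr($raw, $iv_size);

    return mcrypt_cfb(MCRYPT_CAST_256, $key, $c_t, MCRYPT_DECRYPT, $iv);
}

// Constructed sample key and message, for illustration only.
$key = 'constructed 32-byte sample key!!';
$msg = 'the IV travels with the ciphertext';

$first  = encrypt_with_iv($key, $msg);
$second = encrypt_with_iv($key, $msg);

// Same key and plaintext, different IVs: the two outputs differ.
var_dump($first !== $second);

// Each output still decrypts, because its own IV is read back from it.
var_dump(decrypt_with_iv($key, $first) === $msg);
var_dump(decrypt_with_iv($key, $second) === $msg);
```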




Bug #16674 Updated: mcrypt_create_iv troubles

2002-04-18 Thread derick

 ID:   16674
 Updated by:   [EMAIL PROTECTED]
 Reported By:  [EMAIL PROTECTED]
-Status:   Open
+Status:   Closed
 Bug Type: Documentation problem
 Operating System: linux
 PHP Version:  4.2.0
 Assigned To:  derick
 New Comment:

done


Previous Comments:


[2002-04-18 05:08:02] [EMAIL PROTECTED]

Thanks for summing up Derick!

Maybe someone from the doc team is kind enough and can sum up the
complete report and add some of this to the mcrypt documentation?



-- 
Edit this bug report at http://bugs.php.net/?id=16674&edit=1




Bug #16674 Updated: mcrypt_create_iv troubles

2002-04-17 Thread derick

 ID:   16674
 Updated by:   [EMAIL PROTECTED]
 Reported By:  [EMAIL PROTECTED]
-Status:   Open
+Status:   Assigned
 Bug Type: mcrypt related
 Operating System: linux
 PHP Version:  4.2.0
-Assigned To:  
+Assigned To:  derick
 New Comment:

Checking this out.


-- 
Edit this bug report at http://bugs.php.net/?id=16674&edit=1