ID: 49317
Comment by: sjoerd-php at linuxonly dot nl
Reported By: jinger dot jiang at autodesk dot com
Status: Open
Bug Type: mcrypt related
Operating System: Vista, Windows2003
PHP Version: 5.2.10
New Comment:
Thank you for your bug report.
In your example, the variable $key is not defined. Although the
behavior you report can still be considered a bug, it only seem to
happen when $key is empty. Supplying a correct key fixes your problem
and is useful from a security point of view.
Previous Comments:
------------------------------------------------------------------------
[2009-08-21 07:37:18] jinger dot jiang at autodesk dot com
Description:
------------
I use the function mcrypt_cfb(..,MCRYPT_ENCRYPT,.) to encrypt a
password valued 'Zx57Kl36', then I use mcrypt_cfb(..,MCRYPT_DECRYPT,..)
to decrypt the value, it changed to 'Zx57Kl3'.
I also have tried 'Zx57Kl32', 'Zx57Kl34' and 'Zx57Kl35', these value is
changed to 'Zx57Kl3' too after decrypt. But 'Zx57Kl30', 'Zx57Kl31' etc
are correct after decrypt.
Reproduce code:
---------------
My code:
//$plain_text can be 'Zx57Kl36' etc.
function encrypt($plain_text) {
$plain_text = trim($plain_text);
$iv = substr(md5($key), 0,mcrypt_get_iv_size
(MCRYPT_CAST_256,MCRYPT_MODE_CFB));
$c_t = mcrypt_cfb (MCRYPT_CAST_256, $key, $plain_text,
MCRYPT_ENCRYPT, $iv);
$ret = trim(chop(base64_encode($c_t)));
return $ret;
}
function decrypt($c_t) {
$c_t = trim(chop(base64_decode($c_t)));
$iv = substr(md5($key), 0,mcrypt_get_iv_size
(MCRYPT_CAST_256,MCRYPT_MODE_CFB));
$p_t = mcrypt_cfb (MCRYPT_CAST_256, $key, $c_t, MCRYPT_DECRYPT,
$iv);
$ret = trim(chop($p_t));
return $ret;
}
Expected result:
----------------
$ret=encrypt('Zx57Kl36');
$ret=decrypt($ret);
then $ret should be 'Zx57Kl36' but not 'Zx57Kl3'.
Actual result:
--------------
$ret=encrypt('Zx57Kl36');
$ret=decrypt($ret);
$ret equals to 'Zx57Kl3'. It should be 'Zx57Kl36'.
------------------------------------------------------------------------
--
Edit this bug report at http://bugs.php.net/?id=49317&edit=1
