I read more on vector IV and I agree with you. I've been reading this manual on
mcrypt_encrypt and _decrypt functions. I came up with this from what I read and
pretty much took the example. I have a problem with my decrypt statement. Im passing
what I believe is the correct params, but I could be mistaken.
Output from my function...
‘Ü_ V¢¢''”Ê'ÅÆû´3…ån2V½kôR¤üyÐw“í‘ y}P×…õe ` <-
Encrypted Data...
8†Ì«¢R¿„Þ6¡4±eÚ]xàLoìm
2„*—
ê«ï " œ ez;Tê_=G‘<- Decrypted data...
code <snipit>
srand();
$key = "this is a secret key";
$input = "Let us meet at 9 o'clock at the secret place.";
$size = mcrypt_get_iv_size (MCRYPT_BLOWFISH, MCRYPT_MODE_ECB);
$iv = mcrypt_create_iv($size, MCRYPT_RAND);
$encrypted = mcrypt_ecb (MCRYPT_BLOWFISH, $key, $input, MCRYPT_ENCRYPT, $iv);
echo $encrypted," <- Encrypted Data...<br/>";
$decrypted = mcrypt_ecb (MCRYPT_BLOWFISH, $key, $input, MCRYPT_DECRYPT, $iv);
echo $decrypted, "<- Decrypted data...<br/>";
-----Original Message-----
From: Jay Smith [mailto:[EMAIL PROTECTED]
Sent: Tuesday, June 03, 2003 1:58 PM
To: [EMAIL PROTECTED]
Subject: [PHP] Re: Mcrypt functions
Daniel Rychlik wrote:
> Hello,
>
> I have been playing with the mycrypt function. Im having a bit of
> trouble understanding why it is important to use a vector IV.
>
> I was wandering if there is a reasonably powerful encryption algorithm.
> That uses a key only instead of getting the block size and using a IV.
>
> I basically want to know if there is something simple out there that
> will do the same job.
>
> Kind Regards,
> Daniel
An initialization vector is basically used to 'seed' the algorithm to make
it more difficult to crack the ciphertext. Using an IV with a block cipher
is recommended because it generally makes the cipher more resiliant to
known-plaintext attacks.
You can use an algorithm without an IV, but you're risking security if you
do. In ECB mode, for instance, the IV is actually completely ignored, but
if you use the same key, identical blocks of plaintext will translate to
identical blocks of ciphertext. This is why an IV and block cipher modes
which utilize IVs are important.
Using an IV is definitely recommended. A good start would be Rijndael in CBC
mode with random IVs. You can safely transport the IV with the ciphertext.
If you really, really don't want to use IVs, you should try to stick with a
strong cipher such as Rijndael or Twofish and a mode like CBC. You might
also want to look into a stream cipher, such as ARC4 or SEAL. But I'd still
recommend using an IV.
J
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
