Hey all -

I'm using mcrypt to store credit cards into MySQL. About 90% of them decrypt 
fine, but about 10% decrypt as nonsense ("b1�\�JEÚU�A���" is a good example). 
Maybe there is a character that appears in about 10% of my encryptions that's 
not being encoded properly???

// Encryption is set up at the top of the script:
$crypto = mcrypt_module_open('rijndael-256', '', 'ofb', '');
$iv = mcrypt_create_iv(mcrypt_enc_get_iv_size($crypto), MCRYPT_DEV_RANDOM);
$ks = mcrypt_enc_get_key_size($crypto);
$key = substr(md5('my_funky_term'), 0, $ks);

// When the card number is collected by the form, it's encrypted:
$cc_number = addslashes($_POST['cc_number']);
mcrypt_generic_init($crypto, $key, $iv);
$cc_encrypt = mcrypt_generic($crypto, $cc_number);

// This is written to the database:
$query = "update accounts set cc_encrypt='$cc_encrypt', encrypt_iv='$iv', 
other_fields='$other_stuff' where id='$account_id' limit 1";
$result = mysql_query($query) or die(mysql_error());

Both the cc_encrypt and encrypt_iv fields are tinytext, latin1_swedish_ci, 
MyISAM, MySQL 5.0.91

In another script, when I retrieve, I first set it up at the top of the script 
exactly like step #1 above, then retrieve it like this:

mcrypt_generic_init($crypto, $key, $row['encrypt_iv']);
$cc_number = trim(mdecrypt_generic($crypto, $row['cc_encrypt']));

Most of them are good, a few of them are bad. Can anyone see anything I'm doing 
wrong or a case I'm not covering? Thanks much.

PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to