Hello,
I recently implemented a database using MySQL that is storing selected
fields encrypted. However on a very small number of records the decrypted
result is not correct for some fields, for example for this credit card
number:
9999-999999-9999Fhx
It appears in fact the same way as the problem I first experienced, when the
database field was not big enough to store the encrypted text (which I
discovered takes a multiple of the blocksize, so it is usually bigger than
the original string). However the blocksize is 8 and to provide a safety
margin all the fields to be encrypted have 10 extra characters in them
(varchar fields).
So far this happens on at most one field in a record, perhaps on less than
5% of the records. At first I was thinking maybe the addslashes() was
adding text but MySQL should be stripping that out before entering it into
the database, right? Also I can't seem to duplicate this by entering the
same values in the form again.
Any suggestions? Here is my encryption code:
$hrkey = '$R^a$nd()M%'; // changed text
$td = mcrypt_module_open(MCRYPT_TRIPLEDES,'', MCRYPT_MODE_ECB, '');
$iv = mcrypt_create_iv(mcrypt_enc_get_iv_size($td), 99999999999999);
//changed the number
$ks = mcrypt_enc_get_key_size ($td);
$key = substr(md5($hrkey), 0, $ks);
mcrypt_generic_init($td, $key, $iv);
$CreditCardNumber = addslashes(mcrypt_generic($td,
$_POST['Credit_Card_Number']));
(...post to database here...)
mcrypt_module_close($td);
Decryption code:
function mydecrypt($enc) {
global $td;
return rtrim(mdecrypt_generic($td, $enc), "\0");
}
Thanks for any insight!
- Steve Yates
- ASCII stupid question, get a stupid ANSI.
~ Taglines by Taglinator - www.srtware.com ~
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
