[PHP] Encryption Question
Good morning gurus!
I am encrypting some data on one server and now I am attempting to decrypt on another
server using mcrypt_encrypt and mycrypt_decrypt (using same key and initialzation
vector). It is almost working but I seem to still have a little problem, that data is
missing the last character which still seems to be encrypted. I am putting the data in
the database with addslashes, and retrieving with stripslashes, but I get things like
this;
45221141¤Þ,]¹9Ñ
7775ÿåZ|z
while($arrEncInfo = mysql_fetch_array($dbGetSub)){
$stripDataA = stripslashes($arrEncInfo['dataA']);
$stripIV = stripslashes($arrEncInfo['iv']);
$dataA = mcrypt_decrypt($encAlg, $encKey, $stripDataA, $encMode, $stripIV);
echo $dataA . \n;
}
Has anyone seen this? Could there be a difference between the PHP installs? Both are
version 4.3.7.
Thanks!
Jay
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Encryption Question SOLVED
[snip]
I am encrypting some data on one server and now I am attempting to decrypt on another
server using mcrypt_encrypt and mycrypt_decrypt (using same key and initialzation
vector). It is almost working but I seem to still have a little problem, that data is
missing the last character which still seems to be encrypted. I am putting the data in
the database with addslashes, and retrieving with stripslashes, but I get things like
this;
45221141¤Þ,]¹9Ñ
7775ÿåZ|z
while($arrEncInfo = mysql_fetch_array($dbGetSub)){
$stripDataA = stripslashes($arrEncInfo['dataA']);
$stripIV = stripslashes($arrEncInfo['iv']);
$dataA = mcrypt_decrypt($encAlg, $encKey, $stripDataA, $encMode, $stripIV);
echo $dataA . \n;
}
Has anyone seen this? Could there be a difference between the PHP installs? Both are
version 4.3.7.
[/snip]
I found the problem on the field in question. I had left the column in the database
the same length as it was prior to encrypting the data. This, as it turns out, is a
BAD THING [tm]. Make sure that database columns are large enough to hold the whole of
the encrypted data.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Encryption question
I wouldn't use crypt, instead use one of the proven more secure hashes like md5 or sha1. For password hashing I'd use md5 (PHP 3 and 4) if you want broad support or sha1 for a little more security (sha1 hasn't been in PHP as long (only since 4.3.0) so you will lose some compatability, Ryan Thompson wrote: I know this is an opinion thing but what's the best functions or function set for password encryption? Currently my project uses md5 but I thinks it's more for checksums isn't it? Also, is mcrypt used for passwords? I looks like it's a two-way encryption. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Encryption question
I know this is an opinion thing but what's the best functions or function set for password encryption? Currently my project uses md5 but I thinks it's more for checksums isn't it? Also, is mcrypt used for passwords? I looks like it's a two-way encryption. -- Ryan Thompson [EMAIL PROTECTED] http://osgw.sourceforge.net == A computer scientist is someone who fixes things that aren't broken --Unknown -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Encryption question
Sorry. Just stumbled on crypt() On Friday 10 October 2003 22:31, Ryan Thompson wrote: I know this is an opinion thing but what's the best functions or function set for password encryption? Currently my project uses md5 but I thinks it's more for checksums isn't it? Also, is mcrypt used for passwords? I looks like it's a two-way encryption. -- Ryan Thompson [EMAIL PROTECTED] http://osgw.sourceforge.net == A computer scientist is someone who fixes things that aren't broken --Unknown -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Encryption question
On Fri, 2003-10-10 at 20:31, Ryan Thompson wrote: I know this is an opinion thing but what's the best functions or function set for password encryption? Currently my project uses md5 but I thinks it's more for checksums isn't it? Also, is mcrypt used for passwords? I looks like it's a two-way encryption. md5 is a one-way hash function. It is great for passwords. (I'm not sure if that technically qualifies as encryption because it is nearly impossible to decrypt..hmm) Anyway, I would recommend using it. - Brad -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Encryption question
I think it all falls under the cryptography category, but you're right - it doesn't fall into the encryption/decryption scheme since it is only one-way. -M -Original Message- From: Brad Pauly [mailto:[EMAIL PROTECTED] Sent: Friday, October 10, 2003 10:43 PM To: php-gen Subject: Re: [PHP] Encryption question md5 is a one-way hash function. It is great for passwords. (I'm not sure if that technically qualifies as encryption because it is nearly impossible to decrypt..hmm) Anyway, I would recommend using it. - Brad -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] encryption question - mcrypt
Hi! I read the PHP manual about the encryption, mcrypt_module_open(). I have been trying to figure out an example of the parameters inside the functions. I tried some of these options but I still get the error message saying Warning: mcrypt module initialization failed in . Here's some example I tried. //Test #1 $td = mcrypt_module_open (MCRYPT_DES, '', MCRYPT_MODE_ECB, ''); As for Test #2, I have no such 'mcrypt-modes' directory anywhere on the server. //Test #2 $td = mcrypt_module_open (MCRYPT_DES, '', MCRYPT_MODE_ECB, '/usr/lib/mcrypt-modes'); Is this a bug Thanks, Scott F. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Encryption Question
I want to compare a password to a encrypted password stored in my mySQL
database using password('password'), what's the best way to compare the two?
Encrypted the password sent by the user and compare or pull the password
from the database based on username, decrypt it and then compare?
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Encryption Question
I want to compare a password to a encrypted password stored in my
mySQL
database using password('password'), what's the best way to compare
the
two?
Encrypted the password sent by the user and compare or pull the
password
from the database based on username, decrypt it and then compare?
SELECT 1 FROM table WHERE password_column = PASSWORD('$password') AND
username = '$username'
If a row is returned, the username and password match what's in the
database. $password and $username would come from your form or
whatever...
---John Holmes...
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Encryption Question
Just how are you going to decrypt it? Password encryption is ordinarily
one-way - you have no choice. You have to compare encrypted passwords.
-Original Message-
From: Tom Ray [mailto:[EMAIL PROTECTED]]
SI want to compare a password to a encrypted password stored in my mySQL
database using password('password'), what's the best way to compare the two?
Encrypted the password sent by the user and compare or pull the password
from the database based on username, decrypt it and then compare?
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
