hmm... cipher anyone?

benkillin

Well, I want to write a simple substution cypher PHP script, that takes a paragraph (or more) of text, and encrypts it with a substution cipher. I also want to generate a random number between 1 - 65536 and to a md5 on that, then using some type of method, make the cypher using the md5. and output it to the browser. I want to be able to take the encoded text, and be able to put it back through the script and if I supply the proper md5, it will decode it back to the normal text... but, Im not too sure on how to go about this, any pointers?

Xoid

yeah, use the Mcrypt encryption techniques, alot easier 😃

benkillin

your right, alot easier!

I made a semi-functional script... I think it encrypts the message, but I get an error, and it wont decrypt the message.

here is my code:

<?php
$key = "this is a secret key";
$input = "Let us meet at 9 o'clock at the secret place.";
$encrypted_data = mcrypt_ecb (MCRYPT_3DES, $key, $input, MCRYPT_ENCRYPT);
$decrypted_data = mcrypt_ecb (MCRYPT_3DES, $key, $input, MCRYPT_DECRYPT);
echo $encrypted_data
."<br />\r\n"
.$decrypted_data;
?>

here is what is outputted to the browser:

Warning: mcrypt_ecb(): The IV parameter must be as long as the blocksize in D:\Server Files\Xitami\webpages\cipher.php on line 4

Warning: mcrypt_ecb(): The IV parameter must be as long as the blocksize in D:\Server Files\Xitami\webpages\cipher.php on line 5
\ºþê™Ï’áž(v¹FýaõFËU³æç SäÇÚÖzßù5Qì<±™-:Í
§«[‰€›°[@`‹ñ:/Ñï2¢»jœVDÜ±È£Õ´ ‹MÁbè²¾×¸Ò˜R

Weedpacket

This function should not be used anymore, see mcrypt_generic() and mdecrypt_generic() for replacements.

Doesn't say why, but when you're talking cryptography, you've gotta be careful 🙂

benkillin

well, I get 1 less error, and no output at all... could I see an example, I cant quite get it right.

benkillin

no?

Weedpacket

I just noticed that in your original example you are encrypting and decrypting both the key and the input - wouldn't you be wanting to decrypt the encrypted string? 🙂

Anyhow, I've never actually used these before so I thought I'd better start.

Starting with the second example in the Mcrypt chapter's intro ... (this is before I found the examples given under mcrypt_module_open):

    $key = "this is a secret key";
    $input = "Let us meet at 9 o'clock at the secret place.";

$td = mcrypt_module_open ('tripledes', '', 'ecb', '');
$iv = mcrypt_create_iv (mcrypt_enc_get_iv_size ($td), MCRYPT_RAND);
mcrypt_generic_init ($td, $key, $iv);
$encrypted_data = mcrypt_generic ($td, $input);
mcrypt_generic_deinit ($td);
mcrypt_module_close ($td);

echo $encrypted_data;

I guess the decryption process is pretty similar.

    // already have $key and $encrypted_data

// append '2' just to keep things separate
$td2 = mcrypt_module_open ('tripledes', '', 'ecb', '');
$iv2 = mcrypt_create_iv (mcrypt_enc_get_iv_size ($td2), MCRYPT_RAND);
mcrypt_generic_init ($td2, $key, $iv2);
$output = mdecrypt_generic ($td2, $encrypted_data);
mcrypt_generic_deinit ($td2);
mcrypt_module_close ($td2);

echo $output;

I get a notice about mcrypt_generic_deinit being undefined. There's a user note on the manual page about that function that points out that libmcrypt's author has a tendency to change the API. So for now I just comment those lines out and see what happens.

That works. Now it's a matter of finding out just what mcrypt_generic_deinit is supposed to do, and why it was removed from the API. If that information is to be found anywhere, it's in the mcrypt man page. Huh, seems to be out of date - let's make a guess and combine mcrypt_generic_deinit() and mcrypt_module_close() into a single mcrypt_generic_end(). The manual says it's deprecated, but the installed PHP or mcrypt() extension appears not to recognise deinit(). It recognises end(), though, so that could be an adequate workaround.

Yep. That works too. But I think more investigation may be warranted - it may be that the need for deinit() is not so critical in this environment.

benkillin

well, thank you very much! I think I get it now.

it works fine... but why is there a limit on the size of the key I can use?

The_Chancer

Using Weeds example under Windows..

Apache 2.0.47
PHP 4.3.4
Libmcrypt >=2.4.x

<?php
//decrypt
//ini_set("display_errors",0); //stop warning about key being too long (sometimes)
$key = "this is a secret key";
    $input = "Let us meet at 9 o'clock at the secret place.";

$td = mcrypt_module_open ('tripledes', '', 'ecb', '');
$iv = mcrypt_create_iv (mcrypt_enc_get_iv_size ($td), MCRYPT_RAND);
mcrypt_generic_init ($td, $key, $iv);
$encrypted_data = mcrypt_generic ($td, $input);
mcrypt_generic_deinit ($td);
mcrypt_module_close ($td);

echo "Encrypted ".$encrypted_data."<br />";

// already have $key and $encrypted_data

// append '2' just to keep things separate
$td2 = mcrypt_module_open ('tripledes', '', 'ecb', '');
$iv2 = mcrypt_create_iv (mcrypt_enc_get_iv_size ($td2), MCRYPT_RAND);
mcrypt_generic_init ($td2, $key, $iv2);
$output = mdecrypt_generic ($td2, $encrypted_data);
mcrypt_generic_deinit ($td2);
mcrypt_module_close ($td2);

echo "Decrypted ".$output;
?>

Only gives

Encrypted \ºþê™Ï’áž(v¹FýaõFËU³æçSäÇÚÖzßù5Qì<±_™-:Í
Decrypted \ºþê™Ï’áž(v¹FýaõFËU³æçSäÇÚÖzßù5Qì<±_™-:Í

Any ideas why mdecrypt_generic effectively does nothing ??

benkillin

Jesus frickin' christ! talk about a bump!

and to be honest, I dont know!

Moonglobe

im having the same problem in php5. i've thinking it has something to do with my outdated dlls for the ciphers. i'm gonna see if i can figure out how the heck to get mcrypt compiled on my own box.

The_Chancer

Bloody typical - I update to Advanced Server - and it all goes to pot...

Will try another method...

I think it is something to do with the latest libmcrypt.dll - as that is the only thing thats changed... (apart from the whole OS...)

As to the Bump.... the forumis for searching 😃 I'd rather do that than post again the same question... LOL

The_Chancer

Solution to this...

Download new libmcrypt.dll from http://ftp.emini.dk/pub/php/win32/mcrypt/

Download new stable snapshot from
http://snaps.php.net/win32/php4-win32-STABLE-latest.zip

Replace the whole PHP installation and bingo bango - all works fine :-)