Encryption Problem

bailo81

I am using mcrypt to encrypt a password.

$key = 'super password key';
$data = 'super duper encrypted password';
$alg = MCRYPT_DES;
$mode = MCRYPT_MODE_CBC;

$iv = mcrypt_create_iv(mcrypt_get_iv_size($alg,$mode),MCRYPT_DEV_URANDOM);
$encrypted_data = mcrypt_encrypt($alg,$key,$data,$mode,$iv);
$plain_text = base64_encode($encrypted_data);

If i then decrypt it on the page it works fine:

$decrypted_data = mcrypt_decrypt($alg,$key,base64_decode($plain_text),$mode,$iv);

If i echo $decypted_data to the page it prints it out exactly as it should:

super duper encrypted password

However, if I put the value from $plain_text into a mysql database and then read it back using:

include ("dbconnector.php");

			$query  = "SELECT * FROM `site_users`";

		$results = mysql_query($query) or die("Error: " . mysql_error());
			$query_data = mysql_fetch_array($results); 
			//$username = $query_data["users_username"];
			$username = $query_data["users_username"];
			$password = $query_data["users_password"];



	  		$decrypted_username = mcrypt_decrypt($alg,$key,base64_decode($username),$mode,$iv);

Then when I echo $decrypted username back to the page it doesnt decrypt the first part of the string
Ÿkjª9Øýper encrypted password

Any ideas 😕

bailo81

any ideas anyone 🙁

LoganK

How about you don't use reverse encryption, because it's less secure, and instead utilize an MD5 hash?

Then just check to see if the MD5 hash of the pass they entered is the same as the has stored in the DB. Or, for a "Forgot Password" function, you can have the DB generate a new random, password, and e-mail it to them.

bailo81

I ended up using sha1() is this more or less (or the same) secure than md5?

Weedpacket

About the same (i.e., on its last legs and nearly due for retirement).

I'm wondering if your database isn't corrupting the data as it is stored. What data type are you using?