Hello guys,
I'm developing a website that stores credit card information securely in the MySQL database with mcrypt functions. After much testing, I thought the system was bug-free and ready to go live. However, I am coming across one very strange bug that it's very important I get fixed.
Problem: When using mcrypt to encrypt the credit card data, there are several cards that are being encrypted/decrypted incorrectly where the last digit of the credit card number is being replaced by a zero. Regardless of what last digit the user enters, it is replaced with a zero! This only happens on a few select numbers, and not every number.
Here is the code I'm using to encrypt/decrypt:
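function encryptData($data) {
    // Open the Triple DES cipher in ECB mode.
    $td = mcrypt_module_open('tripledes', '', 'ecb', '');
    // ECB mode ignores the IV, but mcrypt_generic_init() still expects one.
    $iv = mcrypt_create_iv(mcrypt_enc_get_iv_size($td), MCRYPT_RAND);
    mcrypt_generic_init($td, ENCRYPT_KEY, $iv);
    // $data is padded with NUL bytes to the 8-byte block size; the result is raw binary.
    $encrypted_data = mcrypt_generic($td, $data);
    mcrypt_generic_deinit($td);
    mcrypt_module_close($td);
    return $encrypted_data;
}

function decryptData($data) {
    $td = mcrypt_module_open('tripledes', '', 'ecb', '');
    $iv = mcrypt_create_iv(mcrypt_enc_get_iv_size($td), MCRYPT_RAND);
    // $key is not defined in this function and the result is never used;
    // the ENCRYPT_KEY constant is what gets passed to mcrypt_generic_init().
    $key = substr($key, 0, mcrypt_enc_get_key_size($td));
    mcrypt_generic_init($td, ENCRYPT_KEY, $iv);
    $decrypted_data = mdecrypt_generic($td, $data);
    mcrypt_generic_deinit($td);
    mcrypt_module_close($td);
    // trim() strips the NUL padding along with any other leading/trailing whitespace.
    return trim($decrypted_data);
}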
This is a very well-known code base that I've seen posted on php.net and on many tutorial sites.
What is going on here?! If anyone can shed some light on this problem, it would be greatly appreciated.
Thanks,
Andrew