Hey,
I'm creating a vBulletin Modification (update actually) and as of right now I am storing passwords as plain text. I was told about mcrypt, and decided to use it. But I'm having a problem. Since I need an unencrypted password in several cases, I decrypt the password to edit and authenticate. Now, I have the following code to encrypt:
$size = mcrypt_get_iv_size(MCRYPT_3DES, MCRYPT_MODE_CBC);
$iv = mcrypt_create_iv($size, MCRYPT_DEV_RANDOM);
$vbulletin->GPC['twitter_password'] = mcrypt_encrypt(MCRYPT_3DES, COOKIE_SALT, $vbulletin->GPC['twitter_password'], MCRYPT_MODE_CBC, $iv);
Where $vbulletin->GPC['twitter_password'] starts out unencrypted, but that variable is overwritten using the encrypted value. Now, this works just fine, but when I use this for decryption it comes out exactly the same as the encrypted value:
$size = mcrypt_get_iv_size(MCRYPT_3DES, MCRYPT_MODE_CBC);
$iv = mcrypt_create_iv($size, MCRYPT_DEV_RANDOM);
$bbuserinfo['twitter_password'] = mcrypt_decrypt(MCRYPT_3DES, COOKIE_SALT, $vbulletin->userinfo['twitter_password'], MCRYPT_MODE_CBC, $iv);
Where values are the same. I just happen to assign it to a new variable. I cannot figure this out (and doing a quick search of this forum hasn't helped) and since I have fixed several crucial bugs and need to get this out ASAP, it would be much appreciated!
