Encryption failing

Ken Kixmoeller -- reply to ken@kixmoeller.com

Jan 15, 2008, 7:54:13 PM
to php-g...@lists.php.net
Hey --- - -

I am in the process of upgrading the encryption technology I am using
from (64 bit) blowfish to (256 bit) rijndael.

The code (and some explanations) is below, but the results are, um,
unusual, and I can't see what I am doing wrong. For testing, I have a
program that generates a random 16-character string, encrypts it to a
variable, and decrypts it. Running it in 500 iteration loops, it
fails roughly 4% of the time. By "fails" I mean that the original
string and the eventual decrypted one don't match.

Anybody able to spot why?

Ken
--------------------------------------
function jagencdecr($text,$EorD,$encpass='') {
    // parameters:
    // - $text = string to be en/decrypted,
    // - $EorD = Encrypt or Decrypt
    // - $encpass = key phrase
    if (empty($text)) {return "";}
    $text = trim($text);
    $cypher = mcrypt_module_open('rijndael-256', '', 'ecb', '');
    // "ecb" mode produces the above results.
    // "ofb" mode produces 100% errors

    $size = mcrypt_enc_get_iv_size($cypher);
    $phprand = rand(1000,9999);
    $iv = mcrypt_create_iv($size,$phprand); // produces the same results as below, platform independent
    //$iv = mcrypt_create_iv($size,MCRYPT_RAND); // for Windows
    //$iv = mcrypt_create_iv($size,MCRYPT_DEV_RAND); // for 'NIX

    $ks = mcrypt_enc_get_key_size($cypher);
    /* Create key */
    $key = substr(md5($encpass), 0, $ks);
    mcrypt_generic_init($cypher,$key,$iv);
    if ($EorD == "D") {
        $text_out = mdecrypt_generic($cypher,$text);
    } else {
        $text_out = mcrypt_generic($cypher,$text);
    } // endif ($EorD == "D")
    mcrypt_generic_deinit($cypher);
    mcrypt_module_close($cypher);
    return trim($text_out);

} // endfunc jagencdecr Jaguar Encrypt/Decrypt

Casey

Jan 15, 2008, 8:06:02 PM
to Ken Kixmoeller -- reply to ken@kixmoeller.com, php-g...@lists.php.net
On Jan 15, 2008, at 4:54 PM, "Ken Kixmoeller -- reply to k...@kixmoeller.com" <Kixj...@comcast.net> wrote:

Maybe you could echo the results of the failed ones and compare.

Daniel Ennis

Jan 15, 2008, 8:14:49 PM

I don't think using trim is a safe idea at the end, modifying the binary
data.

trim removes \n \r and spaces, and what if some of the encrypted data
happens to be one of those characters at the start or end of the data block?

Try removing the trim.

--
Daniel Ennis
faNetworks.net - Quality Web Hosting and Ventrilo Services
System Administrator / Web Developer
PHP Developer for 6 years
dan...@fanetworks.net

Ken Kixmoeller -- reply to ken@kixmoeller.com

Jan 15, 2008, 10:41:45 PM
to php-g...@lists.php.net

On Jan 15, 2008, at 7:06 PM, Casey wrote:

>> Maybe you could echo the results of the failed ones and compare.

I did that at first, thinking that "something about these strings
might cause the problem." But then I realized: I can't blame the
data. I don't have any control over what users use for passwords, for
example. This thing is supposed to en/decrypt the strings I give it,
so there must be some kind of programming flaw.

FWIW, there was no discernible pattern to the failed strings, at
least not to me. (Not that it matters.)

Ken

Bastien Koert

Jan 15, 2008, 10:54:40 PM
to Ken Kixmoeller -- reply to ken@kixmoeller.com, php-g...@lists.php.net

are you base64 encoding the resultant encryption string? I have found that there are problems with certain characters that can result from the encryption, usually a combination of characters that approximate a null or end of line

bastien

mike

Jan 15, 2008, 11:07:11 PM
to Bastien Koert, Ken Kixmoeller -- reply to ken@kixmoeller.com, php-g...@lists.php.net
me too - it was a space. i changed it to "+" and it worked fine.

$cookie = str_replace(' ', '+', $_COOKIE['foo']);

Andrés Robinet

Jan 16, 2008, 12:08:54 AM
to php-g...@lists.php.net

I second that, you should base64 encode values before encrypting and base64
decode them after decrypting to be safe.

Rob

Andrés Robinet | Lead Developer | BESTPLACE CORPORATION
5100 Bayview Drive 206, Royal Lauderdale Landings, Fort Lauderdale, FL 33308
| TEL 954-607-4207 | FAX 954-337-2695
Email: in...@bestplace.net | MSN Chat: be...@bestplace.net | SKYPE:
bestplace | Web: http://www.bestplace.biz | Web: http://www.seo-diy.com

Ken Kixmoeller -- reply to ken@kixmoeller.com

Jan 15, 2008, 11:40:18 PM
to php-g...@lists.php.net

On Jan 15, 2008, at 11:08 PM, Andrés Robinet wrote:


> I second that, you should base64 encode values before encrypting
> and base64
> decode them after decrypting to be safe.
>

Thanks for the idea.

Like this? Fails 500/500 times on my test.

------------------------------------


if ($EorD == "D") {
    $text_out = mdecrypt_generic($cypher,$text);
    $text = base64_decode($text);
} else {
    $text= base64_encode($text);
    $text_out = mcrypt_generic($cypher,$text);
} // endif ($EorD == "D")

------------------------------------

A quick test looks like this:

1: String: 9334133814260182
-|- Enc: X5Þ©·ža`p#È]#c¦±3 ÔýCõÒiÏ~r ¢Tª"
-|- Dec:OTMzNDEzMzgxNDI2MDE4Mg== -|- Nope

2: String: 3027022406512648
-|- Enc: j£n,h\"m ê´ uKP%¥† ¼D }H‚’f ¢š„
-|- Dec:MzAyNzAyMjQwNjUxMjY0OA== -|- Nope

3: String: 5042504153020331
-|- Enc: 9ÿ• ýŸÝ§¤6Wi+€×Ÿéáo>n ñº*J 6}Ø+„
-|- Dec:NTA0MjUwNDE1MzAyMDMzMQ== -|- Nope

4: String: 6741156238850410
-|- Enc: · :´[Úq\‹ë‹ 4\Q«ÍŽ5±{º‡µØtþðtN?b
-|- Dec:Njc0MTE1NjIzODg1MDQxMA== -|- Nope

5: String: 0003100244041329
-|- Enc: D¾¤ úV:!Mû 4ƒÜ€àœ‰ŽòÐÐ^ï Hñ-š %z
-|- Dec:MDAwMzEwMDI0NDA0MTMyOQ== -|- Nope

Wrong: 5/5

Casey

Jan 15, 2008, 11:48:30 PM
to Ken Kixmoeller -- reply to ken@kixmoeller.com, php-g...@lists.php.net
On Jan 15, 2008 8:40 PM, Ken Kixmoeller -- reply to k...@kixmoeller.com <Kixj...@comcast.net> wrote:
>
> On Jan 15, 2008, at 11:08 PM, Andrés Robinet wrote:
>
>
> > I second that, you should base64 encode values before encrypting
> > and base64
> > decode them after decrypting to be safe.
> >
>
> Thanks for the idea.
>
> Like this? Fails 500/500 times on my test.
>
> ------------------------------------
> if ($EorD == "D") {
> $text_out = mdecrypt_generic($cypher,$text);
> $text = base64_decode($text);
> } else {
> $text= base64_encode($text);
> $text_out = mcrypt_generic($cypher,$text);
> } // endif ($EorD == "D")
> ------------------------------------
>
> A quick test looks like this:
>
> 1: String: 9334133814260182
> -|- Enc: X5Þ(c)·ža`p#È]#c¦±3 ÔýCõÒiÏ~r ¢Tª"

> -|- Dec:OTMzNDEzMzgxNDI2MDE4Mg== -|- Nope
>
> 2: String: 3027022406512648
> -|- Enc: j£n,h\"m ê´ uKP%¥† ¼D }H‚'f ¢š„
> -|- Dec:MzAyNzAyMjQwNjUxMjY0OA== -|- Nope
>
> 3: String: 5042504153020331
> -|- Enc: 9ÿ• ýŸÝ§¤6Wi+€×Ÿéáo>n ñº*J 6}Ø+„
> -|- Dec:NTA0MjUwNDE1MzAyMDMzMQ== -|- Nope
>
> 4: String: 6741156238850410
> -|- Enc: · :´[Úq\‹ë‹ 4\Q«ÍŽ5±{º‡µØtþðtN?b
> -|- Dec:Njc0MTE1NjIzODg1MDQxMA== -|- Nope
>
> 5: String: 0003100244041329
> -|- Enc: D¾¤ úV:!Mû 4ƒÜ€àœ‰ŽòÐÐ^ï Hñ-š %z
> -|- Dec:MDAwMzEwMDI0NDA0MTMyOQ== -|- Nope
>
> Wrong: 5/5

It returns the correct value. If you look at the last example, and run
base64_decode on "MDAwMzEwMDI0NDA0MTMyOQ==", you will get
"0003100244041329".
-Casey

mike

Jan 15, 2008, 11:49:23 PM
to Ken Kixmoeller -- reply to ken@kixmoeller.com, php-g...@lists.php.net
> ------------------------------------
> if ($EorD == "D") {
> $text_out = mdecrypt_generic($cypher,$text);
> $text = base64_decode($text);

shouldn't this be base64_decode($text_out) ? :)

> } else {
> $text= base64_encode($text);
> $text_out = mcrypt_generic($cypher,$text);

reverse these... make sure $text is setup right

> } // endif ($EorD == "D")

if you want to use this via cookies, GET, POST, etc. i would

encrypt
base64 encode

to decrypt:

string replace " " to "+"
base64 decode
then decrypt

Andrés Robinet

Jan 16, 2008, 2:28:16 AM
to php-g...@lists.php.net
> -----Original Message-----
> From: mike [mailto:mik...@gmail.com]
> Sent: Wednesday, January 16, 2008 1:49 AM
> To: Ken Kixmoeller -- reply to k...@kixmoeller.com
> Cc: php-g...@lists.php.net
> Subject: Re: [PHP] Encryption failing
>

Hi Ken,

Just my 3 cents:

1 - Mike is right about first encrypting and then doing a base64_encode (then saving results to DB, cookies, etc). I don't know why replacing " " to "+" for decrypting, though.
2 - Mike is also right about $text = base64_decode($text) which should be $text = base64_decode($text_out) I think.
3 - You are trimming the results on return, according to one post in the manual notes this will remove null padding on the decrypted string. This is desired, most of the time, but if the original (cleartext message) string ended in nulls you will get a difference and that may be the cause of the errors you are getting.

if ($EorD == "D") {
    // Get the original encrypted string
    $text = base64_decode($text);
    // Decrypt, you will get null padding
    $text = mdecrypt_generic($cypher, $text);
    // Restore the original text, you must keep the original text length stored somewhere
    $text_out = substr($text, 0, $text_length);
} else {
    $text_length = strlen($text);
    // base64 encode encrypted string, to avoid headaches with strange characters in db, variables, etc
    $text_out = base64_encode(mcrypt_generic($cypher, $text));
}
// Do not trim results if the clear text message ends with nulls

I'll have to work on something similar very soon, so I might have my own headaches later. If you have success (or even more trouble) any feedback would be much appreciated.

Regards,
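
An added example, not part of the thread or any poster's code, for two points made above: `trim()` applied to raw ciphertext (Daniel Ennis) and encrypting first, then base64-encoding (mike, Andrés). It assumes PHP 7.1+ with the OpenSSL extension and uses AES-256-ECB as a stand-in for mcrypt's rijndael-256, since ext/mcrypt was removed in PHP 7.2; the passphrase and function names are constructed for the demo.

```php
<?php
// Added example, not code from the thread. AES-256-ECB (OpenSSL) stands in
// for mcrypt's rijndael-256; ECB is used only to mirror the thread's test.

const CIPHER = 'aes-256-ecb';

function encrypt_raw(string $plain, string $key): string
{
    $ct = openssl_encrypt($plain, CIPHER, $key, OPENSSL_RAW_DATA);
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    return $ct; // raw binary: any byte value can appear at either end
}

function decrypt_raw(string $ct, string $key)
{
    // Returns false when the input is not a whole number of blocks
    // or the padding check fails.
    return openssl_decrypt($ct, CIPHER, $key, OPENSSL_RAW_DATA);
}

function count_failures(int $rounds, string $key, bool $useBase64): int
{
    $failures = 0;
    for ($i = 0; $i < $rounds; $i++) {
        // Constructed test input: 16 random digits, as in the original post.
        $plain = '';
        for ($j = 0; $j < 16; $j++) {
            $plain .= (string) random_int(0, 9);
        }
        $ct = encrypt_raw($plain, $key);
        if ($useBase64) {
            // Encode the ciphertext, trim only the text form, decode, decrypt.
            $stored = trim(base64_encode($ct));
            $back = decrypt_raw(base64_decode($stored, true), $key);
        } else {
            // The pattern under discussion: trim() on raw ciphertext bytes.
            $back = decrypt_raw(trim($ct), $key);
        }
        if ($back !== $plain) {
            $failures++;
        }
    }
    return $failures;
}

$key = hash('sha256', 'constructed demo passphrase', true); // 32 raw bytes
$rounds = 5000;
// trim() strips 6 byte values (space, \t, \n, \r, \0, \x0B);
// P(first or last ciphertext byte is one of them) = 1 - (250/256)^2.
printf("expected rate, trimmed raw ciphertext: %.2f%%\n", 100 * (1 - (250 / 256) ** 2));
printf("trim on raw ciphertext: %d/%d failed\n", count_failures($rounds, $key, false), $rounds);
printf("base64, then trim:      %d/%d failed\n", count_failures($rounds, $key, true), $rounds);
```

With uniformly distributed ciphertext bytes, about 4.6% of raw ciphertexts begin or end with one of the six bytes `trim()` strips, which is in line with the roughly 4% failure rate reported in the thread.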

mike

Jan 16, 2008, 1:34:42 AM
to Andrés Robinet, php-g...@lists.php.net
On 1/15/08, Andrés Robinet <agro...@bestplace.biz> wrote:

> 1 - Mike is right about first encrypting and then doing a base64_encode (then saving results to DB, cookies, etc). I don't know why replacing " " to "+" for decrypting, though.

we have an application which sets an encrypted cookie in .NET, and
base64 encodes it. for some reason, PHP was choking on spaces, but "+"
worked like a charm. not sure if it's something odd in the URL
encoding during transit or what... but it works like a charm.

I have on my todo list to post the code samples both from .NET side
and PHP side to help other people, but I haven't got around to it (not
to mention I have to take out some custom code specific to my
company's implementation)

Ken Kixmoeller -- reply to ken@kixmoeller.com

Jan 16, 2008, 9:41:54 AM
to php-g...@lists.php.net

On Jan 15, 2008, at 10:48 PM, Casey wrote:

> It returns the correct value. If you look at the last example, and run
> base64_decode on "MDAwMzEwMDI0NDA0MTMyOQ==", you will get
> "0003100244041329".

Oops. "Haste makes crappy programming."

Ken

Ken Kixmoeller -- reply to ken@kixmoeller.com

Jan 16, 2008, 9:58:28 AM
to php-g...@lists.php.net

On Jan 16, 2008, at 1:28 AM, Andrés Robinet wrote:


> 1 - Mike is right about first encrypting and then doing a
> base64_encode (then saving results to DB, cookies, etc). I don't
> know why replacing " " to "+" for decrypting, though.
>

His other post explains that php didn't seem to like spaces. No
spaces in the test strings -- I'll check for those when/if I can get
the core en/decryption working.


> 2 - Mike is also right about $text = base64_decode($text) which
> should be $text = base64_decode($text_out) I think.
>

Yup -- that's what I get for trying to do this hastily and late at
night --


> 3 - You are trimming the results on return, according to one post
> in the manual notes this will remove null padding on the decrypted
> string. This is desired, most of the time, but if the original
> (cleartext message) string ended in nulls you will get a difference
> and that may be the cause of the errors you are getting.
>

I understand that, thank you. There are no trailing nulls on the
original string.

After correcting my program, I still get the same results, about
4% wrong:
----------------------------------------------------
70: String: 5214006139804600
-|- Enc: Ϊ%bÇCsšB>sìD% Å#z[ä . m…‡¿m§ð
-|- Dec:à c8 -|- Nope

75: String: 1034702254251899
-|- Enc: !: Ã2 ºÍ é× »àe 2s? :Ù0 LµŒÕ[«
-|- Dec:à`*' -|- Nope

89: String: 8245007043826594
-|- Enc: µÆ Íãd-‘Á´E3½y Í×v‹,ZØW"éûqüŽ‚ó
-|- Dec:û@Öë7� ¼ -|- Nope

etc.

Wrong: 23/500
----------------------------------------------------

Phooey.

Ken

Ken Kixmoeller -- reply to ken@kixmoeller.com

Jan 16, 2008, 12:07:19 PM
to php-g...@lists.php.net
Many thanks, Mike --- yours works great... 0 errors.

On Jan 16, 2008, at 9:24 AM, mike wrote:

> function data_encrypt($data) {
>     if(!$data) { return false; }
>     return base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256,
>         $GLOBALS['config']['salt'], $data, 'cbc',
>         md5($GLOBALS['config']['salt'].$GLOBALS['config']['salt'])));
> }
>
> function data_decrypt($data) {
>     if(!$data) { return false; }
>     return rtrim(mcrypt_decrypt(MCRYPT_RIJNDAEL_256,
>         $GLOBALS['config']['salt'],
>         base64_decode(str_replace(' ', '+', $data)), 'cbc',
>         md5($GLOBALS['config']['salt'].$GLOBALS['config']['salt'])));
> }

Richard Lynch

Jan 16, 2008, 6:13:14 PM
to Casey, Ken Kixmoeller -- reply to ken@kixmoeller.com, php-g...@lists.php.net

On Tue, January 15, 2008 10:48 pm, Casey wrote:
> On Jan 15, 2008 8:40 PM, Ken Kixmoeller -- reply to k...@kixmoeller.com
> <Kixj...@comcast.net> wrote:
>>
>> On Jan 15, 2008, at 11:08 PM, Andrés Robinet wrote:
>>
>>
>> > I second that, you should base64 encode values before encrypting
>> > and base64
>> > decode them after decrypting to be safe.
>> >
>>
>> Thanks for the idea.
>>
>> Like this? Fails 500/500 times on my test.
>>
>> ------------------------------------
>> if ($EorD == "D") {
>> $text_out = mdecrypt_generic($cypher,$text);

You are base64-ing it, but...

>> $text = base64_decode($text);

You are not decoding the base64, but the original.


--
Some people have a "gift" link here.
Know what I want?
I want you to buy a CD from some indie artist.
http://cdbaby.com/from/lynch
Yeah, I get a buck. So?

Richard Lynch

Jan 16, 2008, 6:08:13 PM
to Ken Kixmoeller -- reply to ken@kixmoeller.com, php-g...@lists.php.net
Is it possible that 4% of the time, you have spaces on the start/end
of the string, which get trimmed before encryption?

And if rijndael is one of the algorithms which requires a fixed-size
input, that also would be "bad" to trim it. If you need multiple of
16 bytes input, leave the input alone.

Actually, I'd suggest that the encryption function has no business
trimming the text anyway.

If I want to jagencdecr(str_repeat(' ', 1000), 'E'), then I probably
don't want the function to trim that, eh? :-)

On Tue, January 15, 2008 6:54 pm, Ken Kixmoeller -- reply to

Ken Kixmoeller -- reply to ken@kixmoeller.com

Jan 17, 2008, 1:14:56 PM
to php-g...@lists.php.net
(forgot to copy the list)

On Jan 16, 2008, at 5:08 PM, Richard Lynch wrote:


> Is it possible that 4% of the time, you have spaces on the start/end
> of the string, which get trimmed before encryption?
>

In this case, no. In trying to simplify the situation to narrow the
possibilities of error, I am generating "random" character strings of
only alphanumeric (or numeric-only) characters. Each is exactly 16
characters.

> And if rijndael is one of the algorithms which requires a fixed-size
> input, that also would be "bad" to trim it.
>

No documentation that I was able to find suggests that requirement.


> Actually, I'd suggest that the encryption function has no business
> trimming the text anyway.
>

Philosophically I agree with you, but mCrypt has this nasty habit of
appending bunches of nulls to the decrypted string. So philosophical
purity gives way to practical application.

Good ideas, as usual. Thank you.

Ken

Zoltán Németh

Jan 18, 2008, 3:34:07 AM
to Ken Kixmoeller -- reply to ken@kixmoeller.com, php-g...@lists.php.net
On Thursday, 2008. 01. 17 at 12.14, Ken Kixmoeller -- reply to
k...@kixmoeller.com wrote:


yeah, I just ran into the same thing yesterday evening with mcrypt and
rijndael_256.
encrypting went fine, decrypted string had a lot of nulls at the end. so
I too had to use trim() on it.

greets
Zoltán Németh
