PDA

View Full Version : encrypt / decrypt


Creative Insanity
11-20-2005, 06:39 PM
Ok, once again I find my site dealing with an area that I have not had any experience with.
That is MD5 decryption of passwords.
I had someone test out my client side of my site and they could access the fake user I created for the simple reason that I have not used any encryption on the passwords. That side I have sussed out, but I cannot suss out the decryption.
But atleast my mate cannot access the account anymore, and nor can I LOL.

I have read heaps about it over the past couple of days and I still cannot get the decryption to work.

Anyone done any of this sorta stuff?

davidj
11-21-2005, 08:35 AM
from my php book of Knowledge. Look at the astrix marked highlight


I must point out to all the people who read the notes this far that MD5 is _not_ encryption in a traditional sense. Creating an MD5 digest (or hash) of a message simply creates 128 bits that can be used to almost positively identify that message or object in the future. You use MD5 if you want to validate that information is true. For example, you may ask a user to submit a message through a browser POST and save an MD5 of that message in a database for a preview function. When the user submits it the second time, running the MD5 hash of the new version of the text and comparing it to the original MD5 in the database will tell you if the text has changed at all. This is how MD5 is used --

*****
it is _not_ for encrypting things so as to get the data back afterward -- the MD5 hash version does _not_ contain the data of the original in a new form.

Creative Insanity
11-21-2005, 08:42 AM
Oh... so I have seen MD5 in the wrong light, and this also tells me why it is not working.

What is the name of that book dj? I have many php books here and none mentioned that. (useless books baa humbug).

davidj
11-21-2005, 08:47 AM
try

MCRYPT ('http://mcrypt.hellug.gr/')

davidj
11-21-2005, 08:54 AM
i can send you the 12mb php chm through messenger if you want

Creative Insanity
11-21-2005, 08:55 AM
Book marked for tomorrow.. getting a little late here now and ci is a tad tired hehe

davidj
11-21-2005, 01:29 PM
MCRYPT

get MCRYPT here ('http://mcrypt.hellug.gr/')

This is an interface to the mcrypt library, which supports a wide variety of block algorithms such as DES, TripleDES, Blowfish (default), 3-WAY, SAFER-SK64, SAFER-SK128, TWOFISH, TEA, RC2 and GOST in CBC, OFB, CFB and ECB cipher modes. Additionally, it supports RC6 and IDEA which are considered "non-free".

Note:
This extension is not available on Windows platforms.

Requirements
These functions work using mcrypt. To use it, download libmcrypt-x.x.tar.gz from here and follow the included installation instructions.

If you linked against libmcrypt 2.4.x or higher, the following additional block algorithms are supported: CAST, LOKI97, RIJNDAEL, SAFERPLUS, SERPENT and the following stream ciphers: ENIGMA (crypt), PANAMA, RC4 and WAKE. With libmcrypt 2.4.x or higher another cipher mode is also available; nOFB.

Installation
You need to compile PHP with the --with-mcrypt[=DIR] parameter to enable this extension. Make sure you compile libmcrypt with the option --disable-posix-threads.

Runtime Configuration
The behaviour of these functions is affected by settings in php.ini.

Table 77. Mcrypt configuration options
Name Default Changeable
mcrypt.algorithms_dir NULL PHP_INI_ALL
mcrypt.modes_dir NULL PHP_INI_ALL

For further details and definition of the PHP_INI_* constants see ini_set().

Resource Types
This extension has no resource types defined.

Predefined Constants
The constants below are defined by this extension, and will only be available when the extension has either been compiled into PHP or dynamically loaded at runtime.

Mcrypt can operate in four block cipher modes (CBC, OFB, CFB, and ECB). If linked against libmcrypt-2.4.x or higher the functions can also operate in the block cipher mode nOFB and in STREAM mode. Below you find a list with all supported encryption modes together with the constants that are defines for the encryption mode. For a more complete reference and discussion see Applied Cryptography by Schneier (ISBN 0-471-11709-9).

MCRYPT_MODE_ECB (electronic codebook) is suitable for random data, such as encrypting other keys. Since data there is short and random, the disadvantages of ECB have a favorable negative effect.
MCRYPT_MODE_CBC (cipher block chaining) is especially suitable for encrypting files where the security is increased over ECB significantly.
MCRYPT_MODE_CFB (cipher feedback) is the best mode for encrypting byte streams where single bytes must be encrypted.
MCRYPT_MODE_OFB (output feedback, in 8bit) is comparable to CFB, but can be used in applications where error propagation cannot be tolerated. It's insecure (because it operates in 8bit mode) so it is not recommended to use it.
MCRYPT_MODE_NOFB (output feedback, in nbit) is comparable to OFB, but more secure because it operates on the block size of the algorithm.
MCRYPT_MODE_STREAM is an extra mode to include some stream algorithms like WAKE or RC4.
Some other mode and random device constants:

MCRYPT_ENCRYPT (integer)
MCRYPT_DECRYPT (integer)
MCRYPT_DEV_RANDOM (integer)
MCRYPT_DEV_URANDOM (integer)
MCRYPT_RAND (integer)
Mcrypt ciphers
Here is a list of ciphers which are currently supported by the mcrypt extension. For a complete list of supported ciphers, see the defines at the end of mcrypt.h. The general rule with the mcrypt-2.2.x API is that you can access the cipher from PHP with MCRYPT_ciphername. With the libmcrypt-2.4.x and libmcrypt-2.5.x API these constants also work, but it is possible to specify the name of the cipher as a string with a call to mcrypt_module_open().

MCRYPT_3DES
MCRYPT_ARCFOUR_IV (libmcrypt > 2.4.x only)
MCRYPT_ARCFOUR (libmcrypt > 2.4.x only)
MCRYPT_BLOWFISH
MCRYPT_CAST_128
MCRYPT_CAST_256
MCRYPT_CRYPT
MCRYPT_DES
MCRYPT_DES_COMPAT (libmcrypt 2.2.x only)
MCRYPT_ENIGMA (libmcrypt > 2.4.x only, alias for MCRYPT_CRYPT)
MCRYPT_GOST
MCRYPT_IDEA (non-free)
MCRYPT_LOKI97 (libmcrypt > 2.4.x only)
MCRYPT_MARS (libmcrypt > 2.4.x only, non-free)
MCRYPT_PANAMA (libmcrypt > 2.4.x only)
MCRYPT_RIJNDAEL_128 (libmcrypt > 2.4.x only)
MCRYPT_RIJNDAEL_192 (libmcrypt > 2.4.x only)
MCRYPT_RIJNDAEL_256 (libmcrypt > 2.4.x only)
MCRYPT_RC2
MCRYPT_RC4 (libmcrypt 2.2.x only)
MCRYPT_RC6 (libmcrypt > 2.4.x only)
MCRYPT_RC6_128 (libmcrypt 2.2.x only)
MCRYPT_RC6_192 (libmcrypt 2.2.x only)
MCRYPT_RC6_256 (libmcrypt 2.2.x only)
MCRYPT_SAFER64
MCRYPT_SAFER128
MCRYPT_SAFERPLUS (libmcrypt > 2.4.x only)
MCRYPT_SERPENT(libmcrypt > 2.4.x only)
MCRYPT_SERPENT_128 (libmcrypt 2.2.x only)
MCRYPT_SERPENT_192 (libmcrypt 2.2.x only)
MCRYPT_SERPENT_256 (libmcrypt 2.2.x only)
MCRYPT_SKIPJACK (libmcrypt > 2.4.x only)
MCRYPT_TEAN (libmcrypt 2.2.x only)
MCRYPT_THREEWAY
MCRYPT_TRIPLEDES (libmcrypt > 2.4.x only)
MCRYPT_TWOFISH (for older mcrypt 2.x versions, or mcrypt > 2.4.x )
MCRYPT_TWOFISH128 (TWOFISHxxx are available in newer 2.x versions, but not in the 2.4.x versions)
MCRYPT_TWOFISH192
MCRYPT_TWOFISH256
MCRYPT_WAKE (libmcrypt > 2.4.x only)
MCRYPT_XTEA (libmcrypt > 2.4.x only)
You must (in CFB and OFB mode) or can (in CBC mode) supply an initialization vector (IV) to the respective cipher function. The IV must be unique and must be the same when decrypting/encrypting. With data which is stored encrypted, you can take the output of a function of the index under which the data is stored (e.g. the MD5 key of the filename). Alternatively, you can transmit the IV together with the encrypted data (see chapter 9.3 of Applied Cryptography by Schneier (ISBN 0-471-11709-9) for a discussion of this topic).

Examples
Mcrypt can be used to encrypt and decrypt using the above mentioned ciphers. If you linked against libmcrypt-2.2.x, the four important mcrypt commands (mcrypt_cfb(), mcrypt_cbc(), mcrypt_ecb(), and mcrypt_ofb()) can operate in both modes which are named MCRYPT_ENCRYPT and MCRYPT_DECRYPT, respectively.

Example 442. Encrypt an input value with TripleDES under 2.2.x in ECB mode
copy to clipboard
<?php
$key = "this is a secret key";
$input = "Let us meet at 9 o'clock at the secret place.";

$encrypted_data = mcrypt_ecb (MCRYPT_3DES, $key, $input, MCRYPT_ENCRYPT);
?>
This example will give you the encrypted data as a string in $encrypted_data.

If you linked against libmcrypt 2.4.x or 2.5.x, these functions are still available, but it is recommended that you use the advanced functions.

Example 443. Encrypt an input value with TripleDES under 2.4.x and higher in ECB mode
copy to clipboard
<?php
$key = "this is a secret key";
$input = "Let us meet at 9 o'clock at the secret place.";

$td = mcrypt_module_open ('tripledes', '', 'ecb', '');
$iv = mcrypt_create_iv (mcrypt_enc_get_iv_size ($td), MCRYPT_RAND);
mcrypt_generic_init ($td, $key, $iv);
$encrypted_data = mcrypt_generic ($td, $input);
mcrypt_generic_deinit ($td);
mcrypt_module_close ($td);
?>
This example will give you the encrypted data as a string in $encrypted_data. For a full example see mcrypt_module_open().

MCRYPT Functions

mcrypt_cbc - Encrypt/decrypt data in CBC mode
mcrypt_cfb - Encrypt/decrypt data in CFB mode
mcrypt_create_iv - Create an initialization vector (IV) from a random source
mcrypt_decrypt - Decrypts crypttext with given parameters
mcrypt_ecb - Encrypt/decrypt data in ECB mode
mcrypt_enc_get_algorithms_name - Returns the name of the opened algorithm
mcrypt_enc_get_block_size - Returns the blocksize of the opened algorithm
mcrypt_enc_get_iv_size - Returns the size of the IV of the opened algorithm
mcrypt_enc_get_key_size - Returns the maximum supported keysize of the opened mode
mcrypt_enc_get_modes_name - Returns the name of the opened mode
mcrypt_enc_get_supported_key_sizes - Returns an array with the supported keysizes of the opened algorithm
mcrypt_enc_is_block_algorithm_mode - Checks whether the encryption of the opened mode works on blocks
mcrypt_enc_is_block_algorithm - Checks whether the algorithm of the opened mode is a block algorithm
mcrypt_enc_is_block_mode - Checks whether the opened mode outputs blocks
mcrypt_enc_self_test - This function runs a self test on the opened module
mcrypt_encrypt - Encrypts plaintext with given parameters
mcrypt_generic_deinit - This function deinitializes an encryption module
mcrypt_generic_end - This function terminates encryption
mcrypt_generic_init - This function initializes all buffers needed for encryption
mcrypt_generic - This function encrypts data
mcrypt_get_block_size - Get the block size of the specified cipher
mcrypt_get_cipher_name - Get the name of the specified cipher
mcrypt_get_iv_size - Returns the size of the IV belonging to a specific cipher/mode combination
mcrypt_get_key_size - Get the key size of the specified cipher
mcrypt_list_algorithms - Get an array of all supported ciphers
mcrypt_list_modes - Get an array of all supported modes
mcrypt_module_close - Close the mcrypt module
mcrypt_module_get_algo_block_size - Returns the blocksize of the specified algorithm
mcrypt_module_get_algo_key_size - Returns the maximum supported keysize of the opened mode
mcrypt_module_get_supported_key_sizes - Returns an array with the supported keysizes of the opened algorithm
mcrypt_module_is_block_algorithm_mode - This function returns if the the specified module is a block algorithm or not
mcrypt_module_is_block_algorithm - This function checks whether the specified algorithm is a block algorithm
mcrypt_module_is_block_mode - This function returns if the the specified mode outputs blocks or not
mcrypt_module_open - This function opens the module of the algorithm and the mode to be used
mcrypt_module_self_test - This function runs a self test on the specified module
mcrypt_ofb - Encrypt/decrypt data in OFB mode
mdecrypt_generic - This function decrypts data

Creative Insanity
11-21-2005, 03:55 PM
Can't use that dj as it has to be compiled on the server and I cannot see my hoster doing that.

davidj
11-21-2005, 04:02 PM
one way encrypt >

for passwords and the like..


<?php
$password = crypt("My1sTpassword"); # let salt be generated

# You should pass the entire results of crypt() as the salt for comparing a
# password, to avoid problems when different hashing algorithms are used. (As
# it says above, standard DES-based password hashing uses a 2-character salt,
# but MD5-based hashing uses 12.)
if (crypt($user_input,$password) == $password) {
echo "Password verified!";
}
?>

Creative Insanity
11-21-2005, 04:11 PM
yeah that should do the job.. cheers once again dj.