
Why decrypt failed when in two different functions



#1 dungpt29

Posted 02 February 2013 - 02:29 AM

My laptop has the 64-bit Windows 7 Home Premium operating system installed.

I am trying to build a website based on:
1) apache_2.2.14-win32-x86-no_ssl
2) php-5.2.11-Win32
3) mysql-essential-5.1.40-winx64
4) Zend Framework (ZF) 1.12.0

I created a table named clients in the database, containing the list of clients.

CREATE TABLE `mydb`.`clients` (
  `client_id` INTEGER UNSIGNED NOT NULL AUTO_INCREMENT,
  `email_address` VARCHAR(100) NOT NULL,
  `password` TINYBLOB NOT NULL,
  PRIMARY KEY (`client_id`)
)
ENGINE = InnoDB;

The password field's data type is TINYBLOB because this field will contain data encrypted by MCRYPT.

I have a function for inserting registration data into the clients table, as follows:

public function newAction()
{

$pass = $this->view->escape($this->_request->getPost("txtpassword"));
$email = $this->view->escape($this->_request->getPost("txtemailaddress"));


$td = mcrypt_module_open(MCRYPT_RIJNDAEL_256, APPLICATION_PATH . '/../crypt/encrypt/', "ofb", APPLICATION_PATH . '/../crypt/mode/');			
$iv = mcrypt_create_iv(mcrypt_enc_get_iv_size($td), MCRYPT_RAND);			
$ks = mcrypt_enc_get_key_size($td);
$key = substr(hash("sha256", Zend_Registry::get('user_key')), 0, $ks);
				
mcrypt_generic_init($td, $key, $iv);
$encrypted = mcrypt_generic($td, $pass);

$newacc = new Application_Model_NewAccount();
$newacc->insertNewAccount($encrypted,$email); // insert encrypted password and email address into table clients

mcrypt_generic_deinit($td);
mcrypt_module_close($td);
}

When clients sign in to my website, they are required to fill in their email address and password.
Therefore, I have another function to do that, as follows:

public function loginAction()
{
$uid = $this->_request->getQuery('uid');

$newacc = new Application_Model_NewAccount();
$entry = $newacc->find_entry('clients', 'email_address', 'password', 'client_id', '=', $uid);//Fetch data from table clients
$encrypted = $entry[0]['password'];
$email_address = $entry[0]['email_address'];

$td = mcrypt_module_open(MCRYPT_RIJNDAEL_256, APPLICATION_PATH . '/../crypt/encrypt/', "ofb", APPLICATION_PATH . '/../crypt/mode/');			
$iv = mcrypt_create_iv(mcrypt_enc_get_iv_size($td), MCRYPT_RAND);			
$ks = mcrypt_enc_get_key_size($td);
$key = substr(hash("sha256", Zend_Registry::get('user_key')), 0, $ks);
			
mcrypt_generic_init($td, $key, $iv);
$decrypted = mdecrypt_generic($td, $encrypted); // Failed because $decrypted is not similar to initial password

mcrypt_generic_deinit($td);
mcrypt_module_close($td);			
}

I think the decryption process fails because:

$iv = mcrypt_create_iv(mcrypt_enc_get_iv_size($td), MCRYPT_RAND);
                                     // $iv in newAction() is different from $iv in loginAction()
                                     // because of MCRYPT_RAND that is the system random number generator.
                                     // It generates two different values in two different functions.

Please help me solve this problem.


#2 Billy O'Neal

Posted 03 February 2013 - 03:24 PM

What do you mean by failed?

What is the behavior you are getting? What is the behavior you're expecting instead? Do you get a PHP interpreter error?

Billy3
Look buddy, I'm an Engineer, and that means I solve problems. Not problems like "What is beauty?" .. 'cause that would fall within the purview of your conundrums of philosophy....
GitHub - Twitter
My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)

#3 dungpt29

Posted 04 February 2013 - 12:17 AM

I get no PHP interpreter error. But my decryption is still unsuccessful because it is successful only when
$iv, which is created by
$iv = mcrypt_create_iv(mcrypt_enc_get_iv_size($td), MCRYPT_RAND);

is the same in newAction() and in loginAction(). Is there a way to maintain it, Billy?

Edited by dungpt29, 04 February 2013 - 02:53 AM.
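One way to keep the IV available to both actions, as an added example that is not part of any post in this thread: generate a fresh IV per record, store it in front of the ciphertext, and read it back before decrypting. The helper names and sample key are hypothetical, and the code assumes the mcrypt extension used in the thread with its default module directories.

```php
<?php
// Added example: helper names and the sample key are hypothetical.
// Requires the mcrypt extension, as used in the thread.

function open_cipher()
{
    // Same algorithm and mode as the posts; '' selects the default module directories.
    return mcrypt_module_open(MCRYPT_RIJNDAEL_256, '', 'ofb', '');
}

function derive_key($td, $userKey)
{
    return substr(hash('sha256', $userKey), 0, mcrypt_enc_get_key_size($td));
}

// Returns IV . ciphertext. The Rijndael-256 IV is 32 bytes, so a TINYBLOB (255 bytes) leaves 223 for data.
function encrypt_with_iv($plaintext, $userKey)
{
    $td = open_cipher();
    $iv = mcrypt_create_iv(mcrypt_enc_get_iv_size($td), MCRYPT_RAND); // fresh per record
    mcrypt_generic_init($td, derive_key($td, $userKey), $iv);
    $ciphertext = mcrypt_generic($td, $plaintext);
    mcrypt_generic_deinit($td);
    mcrypt_module_close($td);
    return $iv . $ciphertext;
}

// Splits the stored IV off the front of the blob and decrypts with it.
function decrypt_with_iv($blob, $userKey)
{
    $td = open_cipher();
    $ivSize = mcrypt_enc_get_iv_size($td);
    if (strlen($blob) <= $ivSize) {
        mcrypt_module_close($td);
        return false; // too short to hold an IV plus data
    }
    $iv = substr($blob, 0, $ivSize);
    mcrypt_generic_init($td, derive_key($td, $userKey), $iv);
    $plaintext = mdecrypt_generic($td, substr($blob, $ivSize));
    mcrypt_generic_deinit($td);
    mcrypt_module_close($td);
    return $plaintext;
}

// Constructed sample values: round-trip through the two helpers.
$blob = encrypt_with_iv('constructed-sample-value', 'constructed-demo-key');
var_dump(decrypt_with_iv($blob, 'constructed-demo-key') === 'constructed-sample-value');
```

The IV is not secret, so it can sit beside the ciphertext in the same column. For verifying logins, a one-way salted password hash avoids the need to decrypt at all.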




