Solved

encryption/decryption problems (MCRYPT_MODE_CBC vs. MCRYPT_MODE_ECB) (250pts)

Posted on 2004-04-01
6
3,994 Views
Last Modified: 2007-12-19
hi, i'm working on a script, that requires encrypting and decrypting data, but i'm still a little new to encryption.

the script works ok, when i encrypt/decrypt in "MCRYPT_MODE_ECB" mode, but not in "MCRYPT_MODE_CBC" mode.

I'd like to use CBC mode, because it's supposed to be considerably safer.

when i switch to MCRYPT_MODE_CBC mode it decrypts all of it correctly, EXCEPT the first small section. I was thinking that maybe the first 'block' wasn't being deypted properly?

anyway, here's my code:

working code:
-----START CODE-----  
// file name: ez_RIJNDAEL_256.inc. this is a lone .inc file
function encr_RIJNDAEL_256($key_in, $plaintext){
       $iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB);
       $iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
       $key = $key_in;
       $text = $plaintext;
       $crypttext = mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $key, $text, MCRYPT_MODE_ECB, $iv);
       return $crypttext;
       }

function decr_RIJNDAEL_256($key_in, $cryptedtext){
       $iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB);
       $iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
       $key = $key_in;
       $plaintext = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, $cryptedtext, MCRYPT_MODE_ECB, $iv);
       return $plaintext;
       }
 -----END CODE-----


The functions are called using:


-----START CODE-----  
// file name: test_ez_RIJNDAEL_256.php
include('myapp.config.php'); // the only setting in this file for now is:
                             // the variable $enc_passwd which contains
                             // the default encryption password.
include('ez_RIJNDAEL_256.inc'); // contains the encryption / decryption
                                // functions listed in the code block above.

// read the unencrypted contents...
$fp = fopen("testfile.htm", "r");
$contents = fread($fp, filesize("testfile.htm"));
fclose($fp);

$encrypted_string=encr_RIJNDAEL_256(md5($enc_passwd), $contents);

print "<br>encrypted string=<hr>".$encrypted_string."<hr><br>";
// note this prints the encrypted string correctly

$decrypted_string=decr_RIJNDAEL_256(md5($enc_passwd), $encrypted_string);
print "<br>decrypted string=<hr>".$decrypted_string."<hr><br>";
-----END CODE-----  
 

this prints the original unencrypted string, just as it should...
but if i modify the ez_RIJNDAEL_256.inc functions to use MCRYPT_MODE_CBC instead of MCRYPT_MODE_ECB, (like in the code below), it messes up...

see the altered code below (not working correctly):
(note all i did was replace all "MCRYPT_MODE_ECB" with "MCRYPT_MODE_CBC")
-----START CODE-----
// file name: ez_RIJNDAEL_256.inc. this is a lone .inc file
function encr_RIJNDAEL_256($key_in, $plaintext){
       $iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_CBC);
       $iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
       $key = $key_in;
       $text = $plaintext;
       $crypttext = mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $key, $text, MCRYPT_MODE_CBC, $iv);
       return $crypttext;
       }

function decr_RIJNDAEL_256($key_in, $cryptedtext){
       $iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_CBC);
       $iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
       $key = $key_in;
       $plaintext = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, $cryptedtext, MCRYPT_MODE_CBC, $iv);
       return $plaintext;
       }
-----END CODE-----  

the above code returns the [incorrectly] "decrypted" string like this...

-----START OUTPUT-----  
ÙªA8>â¯v04bÖa é-RÛ†÷nA+“UËœN5from here on the string is properly decrypted... why the heck is the start of this string decrypted incorrectly when usinng MCRYPT_MODE_CBC instead of MCRYPT_MODE_ECB ??
-----END OUTPUT-----

why is the start of this string decrypted incorrectly when usinng MCRYPT_MODE_CBC instead of MCRYPT_MODE_ECB ??

I'm stumped, if anyone can help it would be a great help. my code propbably just needs a little tweak i'm not seeing. like i said, i'm new to encryption. could i have a problem with the "$iv"??

i did find scripts using the function mcrypt_cbc(), but it says in the php documentation "This function should not be used anymore". i assume this means it's not as secure as other means, or it has been depreciated, or whatever. there must be a reason it "shouldn't be used anymore"...

thanks in advance, i'm a bit stuck. :-)
T Briere
0
Comment
Question by:tjbriere
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
6 Comments
 
LVL 6

Accepted Solution

by:
jkna_gunn earned 250 total points
ID: 10739057
i dont use CBC but i can show the code i use to create the $iv

$iv = substr(md5($key), 0,mcrypt_get_iv_size (MCRYPT_CAST_256,MCRYPT_MODE_CFB));

i also encode the crypttext

$crypttext =  trim(chop(base64_encode($crypttext)));

then when decrypting decode the string

$crypttext = trim(chop(base64_decode($string)));
 the $iv would be the same.

see how that goes
0
 

Author Comment

by:tjbriere
ID: 10807863

thanks jkna_gunn for respnding, but it doesn't answer the question.
0
 

Author Comment

by:tjbriere
ID: 10807865
I've been struggling with this for some time, and I need to get the project finished really soon.

I find EE very awkward to use, all these rules and all.  Now that someone has commented on my question, I don't know what to do. Do i have to give points when the question was never really answered? can i get the points back, to use later?  I'm surprised to get practically no response.
I have spent considerable time here, and now I have points tied up that I might want to use somewhere else.

I am almost finished rewriting my own pure-php implementation of an encryption algorithm to use, as I don't have huge amounts of data that need to be encrypted, so a pure php script should be adequately fast.

how do i delete or close this question? I don't want to waste other people's time, yet I cannot afford to have to come here every day to check for messages...
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 

Author Comment

by:tjbriere
ID: 10807876
I read in the faqs that I am to ask someone to delete or close the qestion, is this where I ask?

thanks in advance, I'm a bit of a newbie to EE.
0
 

Author Comment

by:tjbriere
ID: 10871254
Actually jkna_gunn, you sort of answered the question...

i just found out myself why it's not working, it took a bit of research into how ECB and CBC encryption modes work... then when I look at your answer closely, I see you did indirectly anwer it.

explanation of what I did wrong:

see definitions for ECB:
http://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci344944,00.html
and CBC:
http://searchsecurity.techtarget.com/gDefinition/0,294236,sid14_gci344945,00.html

ECB mode ecrypts each block separately, CBC mode XOR's the previous block with the curent block before (or was it after?) encryption, then it goes to the next block.  This makes it much more difficult for cryption cracking techniques, for reasons too lengthy to explain.

the first block obviously has no "previous" block. that's where the IV comes in, it serves as the initial block to XOR the first block with.

so, when i decrypted, it all decrypted properly except the first "block".
So If I remember right, I XOR'ed the known text value of the first block with the ecrypted results, and the results are the original IV created, just as I suspected...

Conclusion: I used a different IV for the encryption and decryption process. Yes, it's a stupid mistake, and I should have picked up on the obvious sooner, but I guess that's how we learn.

And learn i did! -- In the meantime, I wrote the entire rijndael (ECB mode only) 128bit encryption algorithm in pure PHP.  I'm going to need it in a larger project I'm working on anyway.  I must ass that I'm very impressed at the speed at which a pure PHP script can crunch numbers!  I think I found a new favorite language. It was a close tie before, but PHP's speed tips it in PHP's favor. :-)

Anyway, If I look closely at the answer you wrote, jkna_gunn, the answer is in there, so I'm giving you the points. :-)

-Trevor Briere, Trail, B.C.




0
 
LVL 6

Expert Comment

by:jkna_gunn
ID: 10871364
thanks very much :)
i confess i dont know that much about crytography just enough to get me by.
thanks for the points.
0

Featured Post

[Webinar] How Hackers Steal Your Credentials

Do You Know How Hackers Steal Your Credentials? Join us and Skyport Systems to learn how hackers steal your credentials and why Active Directory must be secure to stop them. Thursday, July 13, 2017 10:00 A.M. PDT

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Nothing in an HTTP request can be trusted, including HTTP headers and form data.  A form token is a tool that can be used to guard against request forgeries (CSRF).  This article shows an improved approach to form tokens, making it more difficult to…
3 proven steps to speed up Magento powered sites. The article focus is on optimizing time to first byte (TTFB), full page caching and configuring server for optimal performance.
The viewer will learn how to dynamically set the form action using jQuery.
This tutorial will teach you the core code needed to finalize the addition of a watermark to your image. The viewer will use a small PHP class to learn and create a watermark.

622 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question