Solved

encryption/decryption problems (MCRYPT_MODE_CBC vs. MCRYPT_MODE_ECB) (250pts)

Posted on 2004-04-01
6
3,937 Views
Last Modified: 2007-12-19
hi, i'm working on a script, that requires encrypting and decrypting data, but i'm still a little new to encryption.

the script works ok, when i encrypt/decrypt in "MCRYPT_MODE_ECB" mode, but not in "MCRYPT_MODE_CBC" mode.

I'd like to use CBC mode, because it's supposed to be considerably safer.

when i switch to MCRYPT_MODE_CBC mode it decrypts all of it correctly, EXCEPT the first small section. I was thinking that maybe the first 'block' wasn't being deypted properly?

anyway, here's my code:

working code:
-----START CODE-----  
// file name: ez_RIJNDAEL_256.inc. this is a lone .inc file
function encr_RIJNDAEL_256($key_in, $plaintext){
       $iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB);
       $iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
       $key = $key_in;
       $text = $plaintext;
       $crypttext = mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $key, $text, MCRYPT_MODE_ECB, $iv);
       return $crypttext;
       }

function decr_RIJNDAEL_256($key_in, $cryptedtext){
       $iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB);
       $iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
       $key = $key_in;
       $plaintext = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, $cryptedtext, MCRYPT_MODE_ECB, $iv);
       return $plaintext;
       }
 -----END CODE-----


The functions are called using:


-----START CODE-----  
// file name: test_ez_RIJNDAEL_256.php
include('myapp.config.php'); // the only setting in this file for now is:
                             // the variable $enc_passwd which contains
                             // the default encryption password.
include('ez_RIJNDAEL_256.inc'); // contains the encryption / decryption
                                // functions listed in the code block above.

// read the unencrypted contents...
$fp = fopen("testfile.htm", "r");
$contents = fread($fp, filesize("testfile.htm"));
fclose($fp);

$encrypted_string=encr_RIJNDAEL_256(md5($enc_passwd), $contents);

print "<br>encrypted string=<hr>".$encrypted_string."<hr><br>";
// note this prints the encrypted string correctly

$decrypted_string=decr_RIJNDAEL_256(md5($enc_passwd), $encrypted_string);
print "<br>decrypted string=<hr>".$decrypted_string."<hr><br>";
-----END CODE-----  
 

this prints the original unencrypted string, just as it should...
but if i modify the ez_RIJNDAEL_256.inc functions to use MCRYPT_MODE_CBC instead of MCRYPT_MODE_ECB, (like in the code below), it messes up...

see the altered code below (not working correctly):
(note all i did was replace all "MCRYPT_MODE_ECB" with "MCRYPT_MODE_CBC")
-----START CODE-----
// file name: ez_RIJNDAEL_256.inc. this is a lone .inc file
function encr_RIJNDAEL_256($key_in, $plaintext){
       $iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_CBC);
       $iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
       $key = $key_in;
       $text = $plaintext;
       $crypttext = mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $key, $text, MCRYPT_MODE_CBC, $iv);
       return $crypttext;
       }

function decr_RIJNDAEL_256($key_in, $cryptedtext){
       $iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_CBC);
       $iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
       $key = $key_in;
       $plaintext = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, $cryptedtext, MCRYPT_MODE_CBC, $iv);
       return $plaintext;
       }
-----END CODE-----  

the above code returns the [incorrectly] "decrypted" string like this...

-----START OUTPUT-----  
ÙªA8>â¯v04bÖa é-RÛ†÷nA+“UËœN5from here on the string is properly decrypted... why the heck is the start of this string decrypted incorrectly when usinng MCRYPT_MODE_CBC instead of MCRYPT_MODE_ECB ??
-----END OUTPUT-----

why is the start of this string decrypted incorrectly when usinng MCRYPT_MODE_CBC instead of MCRYPT_MODE_ECB ??

I'm stumped, if anyone can help it would be a great help. my code propbably just needs a little tweak i'm not seeing. like i said, i'm new to encryption. could i have a problem with the "$iv"??

i did find scripts using the function mcrypt_cbc(), but it says in the php documentation "This function should not be used anymore". i assume this means it's not as secure as other means, or it has been depreciated, or whatever. there must be a reason it "shouldn't be used anymore"...

thanks in advance, i'm a bit stuck. :-)
T Briere
0
Comment
Question by:tjbriere
  • 4
  • 2
6 Comments
 
LVL 6

Accepted Solution

by:
jkna_gunn earned 250 total points
ID: 10739057
i dont use CBC but i can show the code i use to create the $iv

$iv = substr(md5($key), 0,mcrypt_get_iv_size (MCRYPT_CAST_256,MCRYPT_MODE_CFB));

i also encode the crypttext

$crypttext =  trim(chop(base64_encode($crypttext)));

then when decrypting decode the string

$crypttext = trim(chop(base64_decode($string)));
 the $iv would be the same.

see how that goes
0
 

Author Comment

by:tjbriere
ID: 10807863

thanks jkna_gunn for respnding, but it doesn't answer the question.
0
 

Author Comment

by:tjbriere
ID: 10807865
I've been struggling with this for some time, and I need to get the project finished really soon.

I find EE very awkward to use, all these rules and all.  Now that someone has commented on my question, I don't know what to do. Do i have to give points when the question was never really answered? can i get the points back, to use later?  I'm surprised to get practically no response.
I have spent considerable time here, and now I have points tied up that I might want to use somewhere else.

I am almost finished rewriting my own pure-php implementation of an encryption algorithm to use, as I don't have huge amounts of data that need to be encrypted, so a pure php script should be adequately fast.

how do i delete or close this question? I don't want to waste other people's time, yet I cannot afford to have to come here every day to check for messages...
0
Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 

Author Comment

by:tjbriere
ID: 10807876
I read in the faqs that I am to ask someone to delete or close the qestion, is this where I ask?

thanks in advance, I'm a bit of a newbie to EE.
0
 

Author Comment

by:tjbriere
ID: 10871254
Actually jkna_gunn, you sort of answered the question...

i just found out myself why it's not working, it took a bit of research into how ECB and CBC encryption modes work... then when I look at your answer closely, I see you did indirectly anwer it.

explanation of what I did wrong:

see definitions for ECB:
http://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci344944,00.html
and CBC:
http://searchsecurity.techtarget.com/gDefinition/0,294236,sid14_gci344945,00.html

ECB mode ecrypts each block separately, CBC mode XOR's the previous block with the curent block before (or was it after?) encryption, then it goes to the next block.  This makes it much more difficult for cryption cracking techniques, for reasons too lengthy to explain.

the first block obviously has no "previous" block. that's where the IV comes in, it serves as the initial block to XOR the first block with.

so, when i decrypted, it all decrypted properly except the first "block".
So If I remember right, I XOR'ed the known text value of the first block with the ecrypted results, and the results are the original IV created, just as I suspected...

Conclusion: I used a different IV for the encryption and decryption process. Yes, it's a stupid mistake, and I should have picked up on the obvious sooner, but I guess that's how we learn.

And learn i did! -- In the meantime, I wrote the entire rijndael (ECB mode only) 128bit encryption algorithm in pure PHP.  I'm going to need it in a larger project I'm working on anyway.  I must ass that I'm very impressed at the speed at which a pure PHP script can crunch numbers!  I think I found a new favorite language. It was a close tie before, but PHP's speed tips it in PHP's favor. :-)

Anyway, If I look closely at the answer you wrote, jkna_gunn, the answer is in there, so I'm giving you the points. :-)

-Trevor Briere, Trail, B.C.




0
 
LVL 6

Expert Comment

by:jkna_gunn
ID: 10871364
thanks very much :)
i confess i dont know that much about crytography just enough to get me by.
thanks for the points.
0

Featured Post

Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

Join & Write a Comment

Introduction HTML checkboxes provide the perfect way for a web developer to receive client input when the client's options might be none, one or many.  But the PHP code for processing the checkboxes can be confusing at first.  What if a checkbox is…
Since pre-biblical times, humans have sought ways to keep secrets, and share the secrets selectively.  This article explores the ways PHP can be used to hide and encrypt information.
The viewer will learn how to count occurrences of each item in an array.
This tutorial will teach you the core code needed to finalize the addition of a watermark to your image. The viewer will use a small PHP class to learn and create a watermark.

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now