Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

PEAR Crypt_Blowfish returns different values on different machines with same key?

Posted on 2008-10-08
5
457 Views
Last Modified: 2013-12-12
I have a script running on my production server that uses PEAR Crypt_Blowfish (1.0.1) to encrypt/decrypt passwords.  I'm in the process of moving to new server hardware and am having problems with the new system being able to decrypt the passwords that were encrypted by the old.

On both systems I use the same key and the same function's code to encrypt/decrypt.

Since I'm using the same key on both systems shouldn't I be seeing the same values being returned regardless of the system, or does Blowfish use elements in the encryption that are unique to each installation?

I appreciate any help you can provide, thanks!


//(BCK is the constant containing the crypt key I use.)
 
    $result = '';
    $crypt = new Crypt_Blowfish(BCK);
 
    if ('DECRYPT' == $action)
    {
        $result = trim($crypt->decrypt(pack('H*', $pw)));
    }
    else if ('ENCRYPT' == $action)
    {
        $result = bin2hex($crypt->encrypt($pw));
    }
 
    return $result;

Open in new window

0
Comment
Question by:bearfilms
  • 2
  • 2
5 Comments
 
LVL 15

Assisted Solution

by:babuno5
babuno5 earned 25 total points
ID: 22676211
the only difference that i can see is that the package uses the mcrypt extension if it is installed which might be causing the difference.

That is one server having the mcrypt extension installed and the other will not be having it.

To check just ensure that both the servers either have mcrypt installed or both the servers do not have it installed .
0
 
LVL 25

Expert Comment

by:Marcus Bointon
ID: 22677009
Is there any other difference between your servers? e.g. is one 32-bit and the other 64? Or possibly switching endianness, e.g. i386 to PPC or SPARC?
0
 

Author Comment

by:bearfilms
ID: 22678956
Thanks for the comments!  

@ babuno5: I checked and neither machine has mcrypt installed.  That was one of the nice things about using  the PEAR package is that we were able to do encryption without that extension.

@ Squinky: I'm checking with my hosting company to be sure, but doing a uname -m on both machines tells me that the "old" one is i386 and the "new" is i686.  I'm not sure how to find out more detail from the command line so I'll have to wait to hear back from the host to be sure.  We've had the "old" server a long time and my recollection is that it's a P4 while the "new" one is either a dual- or quad-core Xeon.
0
 
LVL 25

Accepted Solution

by:
Marcus Bointon earned 100 total points
ID: 22679631
i686 is still 32-bit. 64-bit systems tend to report x86_64 in uname. Main reason for wanting 64-bit is if you have more than about 3.5Gb or RAM. Anyway, it sounds like that factor has essentially not changed.

Have you tried installing mcrypt? It should give an enormous speed boost if you're using this function much, and generally all you'd need to do is 'aptitude install php5-mcrypt' (or equivalent) or alternatively 'pecl install mcrypt' to build it yourself.

Aside from that, it's worth posting a bug report or query on the pear forums/lists.
0
 

Author Comment

by:bearfilms
ID: 22694936
Thanks for the comments.  I've been over and checked the PEAR forum and found that people have had a similar problem and were advised to upgrade to the newest version.  At this point I think I'm just going to create a separate field in the database, convert the passwords and just switch over to the new hardware.
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Author Note: Since this E-E article was originally written, years ago, formal testing has come into common use in the world of PHP.  PHPUnit (http://en.wikipedia.org/wiki/PHPUnit) and similar technologies have enjoyed wide adoption, making it possib…
Password hashing is better than message digests or encryption, and you should be using it instead of message digests or encryption.  Find out why and how in this article, which supplements the original article on PHP Client Registration, Login, Logo…
The viewer will learn how to count occurrences of each item in an array.
The viewer will learn how to create and use a small PHP class to apply a watermark to an image. This video shows the viewer the setup for the PHP watermark as well as important coding language. Continue to Part 2 to learn the core code used in creat…

791 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question