Solved

How do I encrypt a string and get a equal length encrypted string?

Posted on 2011-02-20
12
954 Views
Last Modified: 2012-05-11
How do I encrypt a string and get a equal length encrypted string? And if i use that algorithm, can the attackers crack my key when they have plaintext and ciphertext?

(it relate to PHP and MySQL)
0
Comment
Question by:joaqujnsec
12 Comments
 
LVL 6

Expert Comment

by:akajohn
ID: 34938355
As a starting point depending on your requirements, you do need to chose between these two main methods of encryption.

http://www.suse.de/~garloff/Writings/mutt_gpg/node3.html

Otherwise in general the longer the key the harder it is to crack. otherwise if people are able tocrack it is going to take them years to crack it after which the information they obtain could be no longer useful.

Once you choose a mechanism then we would point you to an implementation of the said algorithm.
Hope this helps,

A.
0
 

Expert Comment

by:tsteens
ID: 34949249
As akajohn says you need to deside on wheter to use symmetric or assymetric encryption. What are you going to use encryption for?  If you just want to encrypt what is in your database MySQL supports encryption. http://dev.mysql.com/doc/refman/5.0/en/encryption-functions.html. AES is generally considered the safest algorithm, but there are never any real guarantee against cryptoanalasys.
If you want to secure passwords for storage in your database a hash algorithm will probably be better suited. A hash algorithm will always return a string of the same length. http://en.wikipedia.org/wiki/Hash_function
0
 
LVL 33

Accepted Solution

by:
Dave Howe earned 500 total points
ID: 34949419
This one gets asked from time to time. There are learned papers here:

http://eprint.iacr.org/2001/012
http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/ffsem/ffsem-spec.pdf

but the basic idea is this.

If you try re-encrypting the output of an otherwise ordinary algo (such as aes) enough times, eventually you end up with one the same size or smaller than the one you entered. (I.E. there are enough trailing zeros you can truncate to original size and that the remainder is zeros can be read as implicit)

Conversely, if you decrypt, and the output is larger than the input, you re-decrypt until you get a result with enough trailing zeros that you can truncate it to input size, and end up with the value you started with.

Note that these will be arbitrary non-ascii strings though - raw binary - and probably not printable.
0
 

Author Comment

by:joaqujnsec
ID: 34996128
Can you give me PHP example code for encrypt and decrypt with the same output length?
0
 

Expert Comment

by:tsteens
ID: 34996164
What is the purpose of the encryption and why do you need a consistent output length?
0
Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

 

Expert Comment

by:tsteens
ID: 35024595
Have you found out what you need yet?

It would be really useful to know what you are going to use the encryption for in order to give you a good answer. However the following encrypts a string with AES.
  I've slightly modified the example from http://phpseclib.sourceforge.net/documentation/sym_crypt.html#sym_crypt_aes. You need to install the AES part of the PHP Secure Communications Library. From PEAR folow instructions here: http://phpseclib.sourceforge.net/pear.htm.

The output shows the length of the ciphertext after each encryption. I get...
10256
10272
10288
... which shows an increase in the length of the cipher text. I've not been able to find a PHP implementation of the cipher mode described in the links posted by DaveHowe.

Please let me know if this is helpful or if you need more help. A more precise description of the problem you are trying to solve would be very helpful.
0
 
LVL 33

Expert Comment

by:Dave Howe
ID: 35357313
Up to you, really - I gave the answer, but wasn't willing to code it for him as there would be considerable work involved.
0
 

Expert Comment

by:tsteens
ID: 35357410
I agree with DaveHowe. He posted a possible solution, but joaqujnsec hasn't really given the enough inpout to verify if that is the best solution. There are several easier ways to work with encryption, but it really comes down to the specific problem he is trying to solve.
0
 
LVL 33

Expert Comment

by:Dave Howe
ID: 35365409
 The most common problem for which this is the specific is the case where an existing database must be post-facto encrypted, often without the active co-operation of the original program. There is usually a fixed-sized record that must contain the data both before and after the encryption is applied, and no opportunity to modify the backend engine to obscure the data but provide views to it that contain either dummy data returns, a hash, or the unencrypted data depending on the rights of the user requesting.

  There are better solutions if you can alter front or back end to suit, but this one is surprisingly common in situations where a company has suddenly found a requirement to protect captured data (usually a regulatory requirement) but does not wish to remove that data entirely.
0
 
LVL 27

Expert Comment

by:Tolomir
ID: 35422453
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
0

Featured Post

Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Never store passwords in plain text or just their hash: it seems a no-brainier, but there are still plenty of people doing that. I present the why and how on this subject, offering my own real life solution that you can implement right away, bringin…
Every computer eventually fails. When that happens, your valuable data is only as safe as your current backup.
This video teaches users how to migrate an existing Wordpress website to a new domain.
Learn how to set-up PayPal payment integration in your Wufoo form. Allow your users to remit payment through PayPal upon completion of your online form. This is helpful for collecting membership payments, customer payments, donations, and more.

929 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now