How do I encrypt a string and get an equal length encrypted string?

How do I encrypt a string and get an equal length encrypted string? And if I use that algorithm, can the attackers crack my key when they have plaintext and ciphertext?

(It relates to PHP and MySQL)
joaqujnsec Asked:
 
Dave Howe (Software and Hardware Engineer) Commented:
This one gets asked from time to time. There are learned papers here:

http://eprint.iacr.org/2001/012
http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/ffsem/ffsem-spec.pdf

but the basic idea is this.

If you try re-encrypting the output of an otherwise ordinary algo (such as AES) enough times, eventually you end up with one the same size or smaller than the one you entered. (I.e., there are enough trailing zeros that you can truncate to the original size, and that the remainder is zeros can be read as implicit.)

Conversely, if you decrypt, and the output is larger than the input, you re-decrypt until you get a result with enough trailing zeros that you can truncate it to input size, and end up with the value you started with.

Note that these will be arbitrary non-ASCII strings though - raw binary - and probably not printable.
0
 
akajohn Commented:
As a starting point, depending on your requirements, you do need to choose between these two main methods of encryption.

http://www.suse.de/~garloff/Writings/mutt_gpg/node3.html

Otherwise, in general, the longer the key the harder it is to crack. Otherwise, if people are able to crack it, it is going to take them years to crack it, after which the information they obtain could be no longer useful.

Once you choose a mechanism then we would point you to an implementation of the said algorithm.
Hope this helps,

A.
0
 
tsteens Commented:
As akajohn says, you need to decide on whether to use symmetric or asymmetric encryption. What are you going to use encryption for? If you just want to encrypt what is in your database, MySQL supports encryption: http://dev.mysql.com/doc/refman/5.0/en/encryption-functions.html. AES is generally considered the safest algorithm, but there is never any real guarantee against cryptanalysis.
If you want to secure passwords for storage in your database, a hash algorithm will probably be better suited. A hash algorithm will always return a string of the same length. http://en.wikipedia.org/wiki/Hash_function
0
 
joaqujnsec (Author) Commented:
Can you give me PHP example code to encrypt and decrypt with the same output length?
0
 
tsteens Commented:
What is the purpose of the encryption and why do you need a consistent output length?
0
 
tsteens Commented:
Have you found out what you need yet?

It would be really useful to know what you are going to use the encryption for in order to give you a good answer. However, the following encrypts a string with AES.
I've slightly modified the example from http://phpseclib.sourceforge.net/documentation/sym_crypt.html#sym_crypt_aes. You need to install the AES part of the PHP Secure Communications Library. From PEAR, follow the instructions here: http://phpseclib.sourceforge.net/pear.htm.

The output shows the length of the ciphertext after each encryption. I get...
10256
10272
10288
... which shows an increase in the length of the cipher text. I've not been able to find a PHP implementation of the cipher mode described in the links posted by DaveHowe.

Please let me know if this is helpful or if you need more help. A more precise description of the problem you are trying to solve would be very helpful.
0
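The construction behind the papers linked earlier in the thread (a Feistel network sized just above the message space, plus cycle walking back into it), sketched in PHP as an added example; it is not code from the thread or from phpseclib. HMAC-SHA256 stands in for the spec's AES-based round function, and the function names, the 10-round count and the 6 to 18 digit limit are assumptions; it needs 64-bit PHP 7.1 or later.

```php
<?php
// Added illustration: equal-length encryption of decimal strings.
// All names and parameters here are hypothetical, not from any library.
const ROUNDS = 10;

// Round function: keyed PRF of (round, half), truncated to $h bits.
function round_fn(string $key, int $round, int $half, int $h): int {
    $mac = hash_hmac('sha256', pack('CN', $round, $half), $key, true);
    return unpack('N', $mac)[1] & ((1 << $h) - 1);
}

// Balanced Feistel permutation on integers of 2*$h bits.
function feistel(string $key, int $x, int $h, bool $decrypt): int {
    $l = $x >> $h;
    $r = $x & ((1 << $h) - 1);
    $order = $decrypt ? range(ROUNDS - 1, 0) : range(0, ROUNDS - 1);
    foreach ($order as $i) {
        if ($decrypt) {
            [$l, $r] = [$r ^ round_fn($key, $i, $l, $h), $l];
        } else {
            [$l, $r] = [$r, $l ^ round_fn($key, $i, $r, $h)];
        }
    }
    return ($l << $h) | $r;
}

// Maps a string of 6..18 digits to a digit string of the same length.
function fpe_digits(string $key, string $digits, bool $decrypt = false): string {
    if (!preg_match('/^[0-9]{6,18}$/D', $digits)) {
        throw new InvalidArgumentException('expected 6 to 18 decimal digits');
    }
    $n = strlen($digits);
    $domain = 10 ** $n;                  // number of valid messages
    $h = 1;                              // half-width of the Feistel block in bits
    while ((1 << (2 * $h)) < $domain) {
        $h++;
    }
    $x = (int) $digits;
    do {                                 // cycle walking: repeat until in range
        $x = feistel($key, $x, $h, $decrypt);
    } while ($x >= $domain);
    return str_pad((string) $x, $n, '0', STR_PAD_LEFT);
}

$key   = random_bytes(32);               // constructed demo key
$plain = '004915551234';                 // constructed sample value
$ct    = fpe_digits($key, $plain);
printf("%s -> %s -> %s\n", $plain, $ct, fpe_digits($key, $ct, true));
```

The mapping is deterministic, so equal plaintexts give equal ciphertexts; known plaintext/ciphertext pairs expose that equality but not the HMAC key. For production data, use a reviewed implementation of a standardized format-preserving mode rather than this sketch.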
 
Dave Howe (Software and Hardware Engineer) Commented:
Up to you, really - I gave the answer, but wasn't willing to code it for him as there would be considerable work involved.
0
 
tsteens Commented:
I agree with DaveHowe. He posted a possible solution, but joaqujnsec hasn't really given enough input to verify if that is the best solution. There are several easier ways to work with encryption, but it really comes down to the specific problem he is trying to solve.
0
 
Dave Howe (Software and Hardware Engineer) Commented:
The most common problem for which this is the specific is the case where an existing database must be post-facto encrypted, often without the active co-operation of the original program. There is usually a fixed-sized record that must contain the data both before and after the encryption is applied, and no opportunity to modify the backend engine to obscure the data but provide views to it that contain either dummy data returns, a hash, or the unencrypted data depending on the rights of the user requesting.

There are better solutions if you can alter front or back end to suit, but this one is surprisingly common in situations where a company has suddenly found a requirement to protect captured data (usually a regulatory requirement) but does not wish to remove that data entirely.
0
 
Tolomir (Administrator) Commented:
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
0
Question has a verified solution.
