Solved

How do I encrypt a string and get an equal length encrypted string?

Posted on 2011-02-20
12
964 Views
Last Modified: 2012-05-11
How do I encrypt a string and get an equal length encrypted string? And if I use that algorithm, can the attackers crack my key when they have plaintext and ciphertext?

(It relates to PHP and MySQL.)
0
Question by:joaqujnsec
12 Comments
 
LVL 6

Expert Comment

by:akajohn
ID: 34938355
As a starting point, depending on your requirements, you do need to choose between these two main methods of encryption.

http://www.suse.de/~garloff/Writings/mutt_gpg/node3.html

Otherwise, in general, the longer the key, the harder it is to crack. Otherwise, if people are able to crack it, it is going to take them years to crack it, after which the information they obtain could be no longer useful.

Once you choose a mechanism then we would point you to an implementation of the said algorithm.
Hope this helps,

A.
0
 

Expert Comment

by:tsteens
ID: 34949249
As akajohn says, you need to decide on whether to use symmetric or asymmetric encryption. What are you going to use encryption for? If you just want to encrypt what is in your database, MySQL supports encryption: http://dev.mysql.com/doc/refman/5.0/en/encryption-functions.html. AES is generally considered the safest algorithm, but there is never any real guarantee against cryptanalysis.
If you want to secure passwords for storage in your database a hash algorithm will probably be better suited. A hash algorithm will always return a string of the same length. http://en.wikipedia.org/wiki/Hash_function
0
 
LVL 33

Accepted Solution

by:
Dave Howe earned 500 total points
ID: 34949419
This one gets asked from time to time. There are learned papers here:

http://eprint.iacr.org/2001/012
http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/ffsem/ffsem-spec.pdf

but the basic idea is this.

If you try re-encrypting the output of an otherwise ordinary algo (such as AES) enough times, eventually you end up with one the same size or smaller than the one you entered. (I.e. there are enough trailing zeros that you can truncate to original size, and that the remainder is zeros can be read as implicit.)

Conversely, if you decrypt, and the output is larger than the input, you re-decrypt until you get a result with enough trailing zeros that you can truncate it to input size, and end up with the value you started with.

Note that these will be arbitrary non-ASCII strings though - raw binary - and probably not printable.
0
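The re-encrypt-until-it-fits idea from the accepted answer (cycle walking), as an added example that is not part of the original post and not code from either linked paper. It assumes the field is 1 to 9 decimal digits and uses an HMAC-SHA256 Feistel network as a stand-in for the block cipher; the names `round_fn`, `feistel` and `fpe_digits` and the key are made up for the illustration.

```php
<?php
// Keyed round function: HMAC-SHA256 over (round, half), truncated to $w bits.
function round_fn(string $key, int $round, int $half, int $w): int {
    $mac = hash_hmac('sha256', pack('CN', $round, $half), $key, true);
    return unpack('N', $mac)[1] & ((1 << $w) - 1);
}

// Balanced Feistel permutation over 2*$w bits; $decrypt runs the rounds backwards.
function feistel(string $key, int $x, int $w, bool $decrypt): int {
    $l = $x >> $w;
    $r = $x & ((1 << $w) - 1);
    foreach ($decrypt ? range(7, 0) : range(0, 7) as $i) {
        if ($decrypt) {
            [$l, $r] = [$r ^ round_fn($key, $i, $l, $w), $l];
        } else {
            [$l, $r] = [$r, $l ^ round_fn($key, $i, $r, $w)];
        }
    }
    return ($l << $w) | $r;
}

// Cycle walking: the permutation covers 2^(2w) >= 10^len values, so keep
// re-applying it until the result falls back inside [0, 10^len).
function fpe_digits(string $key, string $digits, bool $decrypt = false): string {
    $len = strlen($digits);
    if ($len < 1 || $len > 9 || !ctype_digit($digits)) {
        throw new InvalidArgumentException('expects 1-9 decimal digits');
    }
    $n = 10 ** $len;
    $w = 1;
    while ((1 << (2 * $w)) < $n) { $w++; }
    $x = (int) $digits;
    do {
        $x = feistel($key, $x, $w, $decrypt);
    } while ($x >= $n);
    return str_pad((string) $x, $len, '0', STR_PAD_LEFT);
}

$key  = 'constructed-demo-key';   // constructed sample key, not a real secret
$pt   = '004215987';              // constructed sample field value
$ct   = fpe_digits($key, $pt);
$back = fpe_digits($key, $ct, true);
if (strlen($ct) !== strlen($pt) || $back !== $pt) {
    throw new RuntimeException('round trip failed');
}
echo "$pt -> $ct -> $back\n";
```

The mapping is deterministic, so equal plaintexts always give equal ciphertexts and nothing extra (IV, nonce, padding) is stored, which is what keeps the length fixed. That also bears on the known-plaintext part of the question: on a domain this small, anyone holding enough plaintext/ciphertext pairs can build a lookup table without ever recovering the key.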
 

Author Comment

by:joaqujnsec
ID: 34996128
Can you give me PHP example code to encrypt and decrypt with the same output length?
0
 

Expert Comment

by:tsteens
ID: 34996164
What is the purpose of the encryption and why do you need a consistent output length?
0
 

Expert Comment

by:tsteens
ID: 35024595
Have you found out what you need yet?

It would be really useful to know what you are going to use the encryption for in order to give you a good answer. However the following encrypts a string with AES.
I've slightly modified the example from http://phpseclib.sourceforge.net/documentation/sym_crypt.html#sym_crypt_aes. You need to install the AES part of the PHP Secure Communications Library. From PEAR, follow the instructions here: http://phpseclib.sourceforge.net/pear.htm.

The output shows the length of the ciphertext after each encryption. I get...
10256
10272
10288
... which shows an increase in the length of the cipher text. I've not been able to find a PHP implementation of the cipher mode described in the links posted by DaveHowe.

Please let me know if this is helpful or if you need more help. A more precise description of the problem you are trying to solve would be very helpful.
0
 
LVL 33

Expert Comment

by:Dave Howe
ID: 35357313
Up to you, really - I gave the answer, but wasn't willing to code it for him as there would be considerable work involved.
0
 

Expert Comment

by:tsteens
ID: 35357410
I agree with DaveHowe. He posted a possible solution, but joaqujnsec hasn't really given enough input to verify if that is the best solution. There are several easier ways to work with encryption, but it really comes down to the specific problem he is trying to solve.
0
 
LVL 33

Expert Comment

by:Dave Howe
ID: 35365409
 The most common problem for which this is the specific is the case where an existing database must be post-facto encrypted, often without the active co-operation of the original program. There is usually a fixed-sized record that must contain the data both before and after the encryption is applied, and no opportunity to modify the backend engine to obscure the data but provide views to it that contain either dummy data returns, a hash, or the unencrypted data depending on the rights of the user requesting.

  There are better solutions if you can alter front or back end to suit, but this one is surprisingly common in situations where a company has suddenly found a requirement to protect captured data (usually a regulatory requirement) but does not wish to remove that data entirely.
0
 
LVL 27

Expert Comment

by:Tolomir
ID: 35422453
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
0

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Partnership Agreement 2 45
How secure is Anywhere Access on 2012r2 Essentials server 9 70
Blocking outside IP Addresses 16 130
RHEL 6.0 - Does it support SHA2? 7 41
Many of you may be aware of the recent Google Docs scam emails that have been floating around coming from various people that you know. Here's a guide on identifying How To Identify the Scam Email You will see an email from someone you’ve had co…
I was prompted to write this article after the recent World-Wide Ransomware outbreak. For years now, System Administrators around the world have used the excuse of "Waiting a Bit" before applying Security Patch Updates. This type of reasoning to me …
This video teaches viewers how to create their own website using cPanel and Wordpress. Tutorial walks users through how to set up their own domain name from tools like Domain Registrar, Hosting Account, and Wordpress. More specifically, the order in…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…

751 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question