Solved

How do I encrypt a string and get an equal length encrypted string?

Posted on 2011-02-20
12
968 Views
Last Modified: 2012-05-11
How do I encrypt a string and get an equal length encrypted string? And if I use that algorithm, can the attackers crack my key when they have plaintext and ciphertext?

(It relates to PHP and MySQL.)
Question by:joaqujnsec
12 Comments
 
LVL 6

Expert Comment

by:akajohn
ID: 34938355
As a starting point, depending on your requirements, you do need to choose between these two main methods of encryption.

http://www.suse.de/~garloff/Writings/mutt_gpg/node3.html

Otherwise, in general, the longer the key the harder it is to crack. Otherwise, if people are able to crack it, it is going to take them years to crack it, after which the information they obtain could be no longer useful.

Once you choose a mechanism then we would point you to an implementation of the said algorithm.
Hope this helps,

A.
0
 

Expert Comment

by:tsteens
ID: 34949249
As akajohn says, you need to decide on whether to use symmetric or asymmetric encryption. What are you going to use encryption for? If you just want to encrypt what is in your database, MySQL supports encryption. http://dev.mysql.com/doc/refman/5.0/en/encryption-functions.html. AES is generally considered the safest algorithm, but there is never any real guarantee against cryptanalysis.
If you want to secure passwords for storage in your database a hash algorithm will probably be better suited. A hash algorithm will always return a string of the same length. http://en.wikipedia.org/wiki/Hash_function
0
 
LVL 33

Accepted Solution

by:
Dave Howe earned 500 total points
ID: 34949419
This one gets asked from time to time. There are learned papers here:

http://eprint.iacr.org/2001/012
http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/ffsem/ffsem-spec.pdf

but the basic idea is this.

If you try re-encrypting the output of an otherwise ordinary algo (such as AES) enough times, eventually you end up with one the same size or smaller than the one you entered. (i.e. there are enough trailing zeros that you can truncate to the original size, and that the remainder is zeros can be read as implicit)

Conversely, if you decrypt, and the output is larger than the input, you re-decrypt until you get a result with enough trailing zeros that you can truncate it to input size, and end up with the value you started with.

Note that these will be arbitrary non-ascii strings though - raw binary - and probably not printable.
0
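The cycle-walking idea in the accepted answer, as an added PHP example that is not part of the original thread: a small Feistel permutation sized just above the target domain is re-applied until the result falls back inside the domain, so a fixed-length digit string encrypts to a digit string of the same length. The HMAC-SHA256 round function stands in for AES here, and the function names, key and sample value are assumptions made for illustration.

```php
<?php
// Added illustration (not from the thread): cycle-walking over a toy Feistel permutation.
// HMAC-SHA256 replaces AES as the round function; all names below are hypothetical.
const ROUNDS = 10;

function round_fn(string $key, int $round, int $half, int $bits): int {
    $mac = hash_hmac('sha256', pack('CN', $round, $half), $key, true);
    return unpack('N', $mac)[1] & ((1 << $bits) - 1);   // low $bits bits of the first 4 MAC bytes
}

// Keyed permutation of [0, 2^(2*halfBits)); $forward = false applies the exact inverse.
function permute(string $key, int $x, int $halfBits, bool $forward): int {
    $mask = (1 << $halfBits) - 1;
    [$l, $r] = [$x >> $halfBits, $x & $mask];
    for ($i = 0; $i < ROUNDS; $i++) {
        $round = $forward ? $i : ROUNDS - 1 - $i;
        [$l, $r] = $forward
            ? [$r, $l ^ round_fn($key, $round, $r, $halfBits)]
            : [$r ^ round_fn($key, $round, $l, $halfBits), $l];
    }
    return ($l << $halfBits) | $r;
}

// Encrypts or decrypts a string of 1-18 decimal digits to a string of the same length.
function fpe_digits(string $key, string $digits, bool $encrypt): string {
    if (!preg_match('/^[0-9]{1,18}\z/', $digits)) {
        throw new InvalidArgumentException('expected 1-18 decimal digits');
    }
    $len = strlen($digits);
    $n = 10 ** $len;                          // size of the target domain
    $halfBits = 1;                            // smallest even bit width covering the domain
    while ((1 << (2 * $halfBits)) < $n) { $halfBits++; }
    $x = (int) $digits;
    do {                                      // cycle-walk: repeat until back inside [0, n)
        $x = permute($key, $x, $halfBits, $encrypt);
    } while ($x >= $n);
    return str_pad((string) $x, $len, '0', STR_PAD_LEFT);
}

$key    = 'constructed-demo-key';             // constructed sample key
$plain  = '004155512';                        // constructed 9-digit field value
$cipher = fpe_digits($key, $plain, true);
printf("%s -> %s -> %s\n", $plain, $cipher, fpe_digits($key, $cipher, false));
```

Because the permutation is at most four times larger than the digit domain, the walk ends after a few iterations on average; walking a full 128-bit AES block down to a short string would not.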

 

Author Comment

by:joaqujnsec
ID: 34996128
Can you give me PHP example code for encrypt and decrypt with the same output length?
0
 

Expert Comment

by:tsteens
ID: 34996164
What is the purpose of the encryption and why do you need a consistent output length?
0
 

Expert Comment

by:tsteens
ID: 35024595
Have you found out what you need yet?

It would be really useful to know what you are going to use the encryption for in order to give you a good answer. However the following encrypts a string with AES.
I've slightly modified the example from http://phpseclib.sourceforge.net/documentation/sym_crypt.html#sym_crypt_aes. You need to install the AES part of the PHP Secure Communications Library. From PEAR, follow the instructions here: http://phpseclib.sourceforge.net/pear.htm.

The output shows the length of the ciphertext after each encryption. I get...
10256
10272
10288
... which shows an increase in the length of the cipher text. I've not been able to find a PHP implementation of the cipher mode described in the links posted by DaveHowe.

Please let me know if this is helpful or if you need more help. A more precise description of the problem you are trying to solve would be very helpful.
0
 
LVL 33

Expert Comment

by:Dave Howe
ID: 35357313
Up to you, really - I gave the answer, but wasn't willing to code it for him as there would be considerable work involved.
0
 

Expert Comment

by:tsteens
ID: 35357410
I agree with DaveHowe. He posted a possible solution, but joaqujnsec hasn't really given enough input to verify if that is the best solution. There are several easier ways to work with encryption, but it really comes down to the specific problem he is trying to solve.
0
 
LVL 33

Expert Comment

by:Dave Howe
ID: 35365409
 The most common problem for which this is the specific is the case where an existing database must be post-facto encrypted, often without the active co-operation of the original program. There is usually a fixed-sized record that must contain the data both before and after the encryption is applied, and no opportunity to modify the backend engine to obscure the data but provide views to it that contain either dummy data returns, a hash, or the unencrypted data depending on the rights of the user requesting.

  There are better solutions if you can alter front or back end to suit, but this one is surprisingly common in situations where a company has suddenly found a requirement to protect captured data (usually a regulatory requirement) but does not wish to remove that data entirely.
0
 
LVL 27

Expert Comment

by:Rainer Meller
ID: 35422453
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
0


Question has a verified solution.
