 Re: phpmyadmin's blowfish / mcrypt
BKDotCom wrote:
[color=blue]
> I'm writing an app that will use blowfish encryption..
> PHP's mcrypt will be used if available.
> if not, I'll use PHPmyadmin's blowfish.php library.
> The problem is I can't figure out what initialization vector
> blowfish.php is useing (or if that's even my problem).
>
> ie, if I encrypt with blowfish.php and decrypt with mcrypt:
>
> /* include path to phpmyadmin '/libraries/blowfish.php'; */
> $secret = 'secret';
> $string = 'test string';
> $iv = blah;
> $encrypted = PMA_blowfish_encrypt($string,$secret);
> $decrypted =
>[/color]
trim(mcrypt_decrypt(MCRYPT_BLOWFISH,$secret,base64 _decode($encrypted),MCRYPT_MODE_CBC,$iv));[color=blue]
> echo $decrypted;
>
> will output something like
> test strÙÚE¦ô<qÕ
>
> Anyhow, how do I make these two interchangeable?[/color]
Last time I played around with PHP mcrypt to any extenet I found that the
mcrypt functions were returning C type strings (terminated by '\0') for the
decryption.
Only getting partial output suggests that it may be a string termination
issue somewhere, but you're getting the key right.
I must admit to being rather in the dark regards IVs, but if you're not
supplying one to PMA_Blowfish_encrypt() why do you need one for
mcrypt_decrypt()? (it's optional anyway for CBC). Bearing in mind the issue
regarding C strings and the recommended use of mcrypt_enc_get_iv_size(),
I'd suggest that it is not only advisable to avoid using it for now, it may
even be the source of the error.
HTH
C.
| 
