Yii encrypt and decrypt password

I'm using Yii CSecurityManager for password encryption:

$this->securityManager->encrypt('TEST', '1');

*The TEST is the string to encrypt and the 1 is the key.*

But when I test before I decrypt, I find that the value keeps changing.

for ($index = 0; $index < 10; $index++) {
    $EncPassword = $this->securityManager->encrypt('TEST', '1');
    echo $EncPassword;
}

I'm relying on this value in another part of my application... I dug into the encrypt password and I see that it is in fact random:

public function encrypt($data,$key=null)
{
    $module=$this->openCryptModule();
    $key=$this->substr($key===null ? md5($this->getEncryptionKey()) : $key,0,mcrypt_enc_get_key_size($module));
    srand();
    $iv=mcrypt_create_iv(mcrypt_enc_get_iv_size($module), MCRYPT_RAND);
    mcrypt_generic_init($module,$key,$iv);
    $encrypted=$iv.mcrypt_generic($module,$data);
    mcrypt_generic_deinit($module);
    mcrypt_module_close($module);
    return $encrypted;
}

So my question is: how can I encrypt based on a key and get the same value each time?

Thanks, Danny

In principle you can create the same ciphertext each time. Just use a static IV and you would have accomplished it. It would however mean that you would leak information about the passwords. Identical passwords would have the same ciphertext for different users.

If you really want to have the same ciphertext, prepend the first 16 bytes of a hash over the username to the password and encrypt with a zero IV. Note that this still could leak a bit of information about the password in time.

Note that using the ciphertext value for other means than storage of the plain text is a very bad idea in general.
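The three behaviours discussed above, side by side, as an added example that is not part of the original question, the answer, or Yii itself. It assumes PHP 7+ with the openssl extension and uses AES-128-CBC in place of mcrypt (removed in PHP 7.2); the function names, key and usernames are constructed for illustration.

```php
<?php
// Added illustration, not Yii code. All names and values here are constructed.
const CIPHER = 'aes-128-cbc';

// Random IV prepended to the ciphertext: the same layout as the
// $iv . mcrypt_generic(...) line in CSecurityManager::encrypt().
function encryptRandomIv(string $data, string $key): string
{
    $iv = random_bytes(openssl_cipher_iv_length(CIPHER));
    return $iv . openssl_encrypt($data, CIPHER, $key, OPENSSL_RAW_DATA, $iv);
}

// The IV travels with the blob, so decryption works although every blob differs.
function decryptWithPrependedIv(string $blob, string $key): string
{
    $ivLen = openssl_cipher_iv_length(CIPHER);
    $iv = substr($blob, 0, $ivLen);
    $plain = openssl_decrypt(substr($blob, $ivLen), CIPHER, $key, OPENSSL_RAW_DATA, $iv);
    if ($plain === false) {
        throw new RuntimeException('decryption failed');
    }
    return $plain;
}

// Static all-zero IV: deterministic output, so equal plaintexts are visible as equal.
function encryptZeroIv(string $data, string $key): string
{
    $iv = str_repeat("\0", openssl_cipher_iv_length(CIPHER));
    return openssl_encrypt($data, CIPHER, $key, OPENSSL_RAW_DATA, $iv);
}

// The answer's variant: first 16 bytes of a hash over the username, then the
// password, encrypted with a zero IV. Deterministic per user, distinct across users.
function encryptPerUser(string $username, string $password, string $key): string
{
    $prefix = substr(hash('sha256', $username, true), 0, 16);
    return encryptZeroIv($prefix . $password, $key);
}

$key = substr(hash('sha256', 'constructed demo key', true), 0, 16); // 16-byte AES-128 key

$a = encryptRandomIv('TEST', $key);
$b = encryptRandomIv('TEST', $key);
var_dump($a === $b);                        // two random-IV encryptions of 'TEST'
var_dump(decryptWithPrependedIv($a, $key)); // round trip of the first blob
var_dump(decryptWithPrependedIv($b, $key)); // round trip of the second blob
var_dump(encryptZeroIv('TEST', $key) === encryptZeroIv('TEST', $key));                     // same password, static IV
var_dump(encryptPerUser('alice', 'TEST', $key) === encryptPerUser('bob', 'TEST', $key));   // two users, same password
var_dump(encryptPerUser('alice', 'TEST', $key) === encryptPerUser('alice', 'TEST', $key)); // same user, same password
```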

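Notice: the technical posts on this site are licensed under CC BY-SA 4.0. If you need to repost, please credit this site's URL or the original article's address. For any questions, contact: yoyou2525@163.com.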
