mcrypt seems to be not 100% reversible

I have 336 'Client' in my database.

I tried this code to encrypt and then decrypt some data.

The result is: Right: 323 - Wrong: 13

What's the reason mcrypt is not fully reversible?

EDIT: Please don't try to change the nature of the problem; answer my question or I'll downvote your answers. The problem is that this algorithm seems to be not 100% reversible, and this is the problem. THE PROBLEM IS NOT WHY I'M USING IT.

    $wrong = $right = 0;
    foreach ($clients as $c) {
        $string_to_encode = trim($c->first_field . ":::" . $c->last_field);
        $mc_key = Yii::app()->params["rijndael_key"];
        $iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB);
        $iv_1 = mcrypt_create_iv($iv_size, MCRYPT_RAND);
        $crypt = trim(mcrypt_encrypt(
            MCRYPT_RIJNDAEL_256,
            $mc_key,
            $string_to_encode,
            MCRYPT_MODE_ECB,
            $iv_1));
        $token = urlencode(base64_encode($crypt));
        $string_to_decode = base64_decode(urldecode($token));
        $string_decoded = trim(mcrypt_decrypt(
            MCRYPT_RIJNDAEL_256,
            $mc_key,
            $string_to_decode,
            MCRYPT_MODE_ECB,
            $iv_1));
        if ($string_to_encode != $string_decoded) {
            echo $string_to_encode . PHP_EOL;
            echo "***** ERROR ! ***** " . PHP_EOL;
            echo $string_to_encode . PHP_EOL;
            echo $string_decoded . PHP_EOL;
            $wrong ++;
        } else {
            $right ++;
        }
    }
    echo "Right $right - Wrong $wrong" . PHP_EOL;

An example of the differences between the plain and decoded string [please note that I changed the login name .... ]
customer.email@alice.it:::11734
customer.email@alice.it:::11z͉\wo����y�+� �>�d��x�
The algo is not 100% reversible. This is the problem, this is the question... obviously I'll not use this in production... it's only a case to demo to YOU that this algo has some problem

Others have mentioned it, but you are trimming the results of encryption. The cipher text will appear random and some of the items you are encrypting will produce whitespace at the end.
If you trim the cipher text you are losing information and the string will not decode properly.

Instead of encrypting your passwords, hash them.
It's already been addressed that you shouldn't use a two-way encryption algorithm for saving passwords, but instead a one-way hashing algorithm.

You're trimming your data ciphertext. Remove trim() around mcrypt_encrypt() and you'll be fine.
That said, you have another problem. You generate IVs, but ECB mode doesn't use IVs, so those are useless. A more secure approach to keep your ciphertext more unpredictable is to switch to CBC mode. When you do this, keep in mind that the IVs should be identical when encrypting and decrypting (i.e. $iv_1 and $iv_2 should be identical).
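
An added example, not part of the original question or answers: the trimmed and untrimmed round trips side by side, with the IV stored in front of the ciphertext so that decryption uses the same one. It assumes PHP's OpenSSL extension with AES-256-CBC in place of mcrypt (removed in PHP 7.2); the function names, key and records are constructed for illustration.

```php
<?php
// Added example. AES-256-CBC via OpenSSL stands in for mcrypt's Rijndael-256;
// function names, key and records are constructed for this demo.
// No MAC is applied: this shows only the round trip, not integrity protection.
const CIPHER = 'aes-256-cbc';

function encrypt_token(string $plain, string $key, bool $trimCiphertext): string
{
    $iv  = random_bytes(openssl_cipher_iv_length(CIPHER)); // fresh IV per message
    $raw = $iv . openssl_encrypt($plain, CIPHER, $key, OPENSSL_RAW_DATA, $iv);
    if ($trimCiphertext) {
        // The bug from the question: trim() strips " \t\n\r\0\x0B" from both
        // ends, and ciphertext bytes can take any of those values.
        $raw = trim($raw);
    }
    return urlencode(base64_encode($raw)); // encode the binary, never trim it
}

function decrypt_token(string $token, string $key)
{
    $raw   = base64_decode(urldecode($token), true);
    $ivLen = openssl_cipher_iv_length(CIPHER);
    if ($raw === false || strlen($raw) <= $ivLen) {
        return false;
    }
    // Decrypt with the same IV that was used to encrypt (stored as a prefix).
    return openssl_decrypt(substr($raw, $ivLen), CIPHER, $key,
                           OPENSSL_RAW_DATA, substr($raw, 0, $ivLen));
}

$key      = random_bytes(32); // constructed demo key
$failures = ['with trim()' => 0, 'without trim()' => 0];
for ($i = 0; $i < 336; $i++) {
    $plain = "customer{$i}@example.test:::" . (11000 + $i); // constructed record
    foreach (['with trim()' => true, 'without trim()' => false] as $label => $trim) {
        $back = decrypt_token(encrypt_token($plain, $key, $trim), $key);
        if ($back !== $plain) {
            $failures[$label]++;
        }
    }
}
foreach ($failures as $label => $count) {
    printf("%-15s %d of 336 round trips failed\n", $label, $count);
}
// Chance that the first or last byte is one of trim()'s six characters.
printf("expected failure rate with trim(): %.1f%%\n", (1 - (250 / 256) ** 2) * 100);
```

The trimmed count varies from run to run because the IV is random, but the expected rate works out to roughly 15 failures in 336, in line with the 13 the question reports.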