[英]Decrypting PHP MCRYPT_RIJNDAEL_256 in Ruby
I have a database filled with encrypted passwords that I need to decrypt in Ruby for a platform change. 我有一个填充了加密密码的数据库,我需要在Ruby中解密以进行平台更改。 How can I port this PHP code to Ruby?
如何将这个PHP代码移植到Ruby? Have tried to use OpenSSL in Ruby with AES_256 but getting 'Bad Decrypt' errors and also errors that my key ($salt) isn't long enough.
尝试过使用带有AES_256的Ruby中的OpenSSL,但是出现'Bad Decrypt'错误以及我的密钥($ salt)不够长的错误。
In the example below, $salt is a 25 character string. 在下面的示例中,$ salt是一个25个字符的字符串。
This is the PHP decryption function: 这是PHP解密功能:
function decrypt_password($text, $salt)
{
return trim(mcrypt_decrypt(MCRYPT_RIJNDAEL_256,
$salt, base64_decode($text), MCRYPT_MODE_ECB,
mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB),
MCRYPT_RAND)));
}
There is a ruby library for mcrypt as well. mcrypt还有一个ruby库。 See below for a sample implementation:
请参阅下面的示例实现:
require 'mcrypt'
require 'base64'
# base64_decode() equivalent
encrypted = Base64.decode64(text)
# preparing Mcrypt library for Rijndael cipher, 256 bits, ECB mode
cipher = Mcrypt.new(:rijndael_256, :ecb, salt, nil, :zeros)
# padding required
encrypted = encrypted.ljust((encrypted.size / 32.0).ceil * 32, "\0")
# decrypt using Rijndael
decrypted = cipher.decrypt(encrypted).strip
Dependencies: libmcrypt
依赖关系:
libmcrypt
sudo apt-get install libmcrypt-dev
(Ubuntu/Debian) sudo apt-get install libmcrypt-dev
(Ubuntu / Debian) sudo yum install libmcrypt-devel
(RHEL/CentOS/Fedora) sudo yum install libmcrypt-devel
(RHEL / CentOS / Fedora) Gems: mcrypt
宝石:
mcrypt
gem install ruby-mcrypt
MCRYPT_RIJNDAEL_256
algorithm does not implement AES, it implements Rijndael using a 256 bit block size. MCRYPT_RIJNDAEL_256
算法没有实现AES,它实现的Rijndael使用256位的块大小。 This is not a default mode, you can find an implementation for Ruby here . 这不是默认模式,您可以在此处找到Ruby的实现。
Furthermore, you seem to be using the $salt
variable as a key. 此外,您似乎使用
$salt
变量作为键。 Keys are automatically extended to the next available key size. 密钥会自动扩展到下一个可用密钥大小。 For 25 byte keys I presume a 256 bit (32 byte) key will be used.
对于25 字节密钥,我假设将使用256位(32字节)密钥。 This is the
$salt
value, extended with bytes valued 00
. 这是
$salt
值,扩展为值为00
字节。 Note that I'm presuming that each character is encoded as a single byte on your system. 请注意,我假设每个字符都编码为系统中的单个字节。
As a final surprise, you may safely disregard the mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB), MCRYPT_RAND)
part of the code, as ECB mode does not use an IV, so the value it returns is fully ignored. 最后一个意外,您可以安全地忽略代码的
mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB), MCRYPT_RAND)
部分,因为ECB模式不使用IV,因此它返回的值被完全忽略。 Note that using ECB mode for strings - and therefore also passwords of course - is not secure. 请注意,对字符串使用ECB模式 - 当然也使用密码 - 并不安全。
You should, at the very minimum use AES CBC with a random IV. 您应该至少使用带有随机IV的AES CBC。 And you should consider using bcrypt instead of encryption if you don't need the value of the passwords itself.
如果您不需要密码本身的值,则应考虑使用bcrypt而不是加密。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.