Welcome Guest, Not a member yet? Register   Sign In
CodeIgniter Forums Archived Discussions Archived General Discussion Encryption library - can't decode old values despite not changing encryption key
Encryption library - can't decode old values despite not changing encryption key
  • El Forum
    Guest
  •  
#1
03-11-2010, 03:51 AM

[eluser]mattpointblank[/eluser]
Hi everyone.

My webstore app records sensitive user info in the database using CI's Encryption class.

Previously, an encrypted name looked like this:

Code:
AhsPNQclUTwBJFY3

Today they look like this:

Code:
Y/R9x2qO/qnj6zn9uhv4Lvy1gPuo+8dqKc0dNSh8JczHQt8HVdhZyMb1uLBdBeP9BrM/u1C+E7dm1A7/G6XQLA==

I haven't changed my encryption key (double and triple checked this). The key is the same on my local (test) app and on my remote (live) app.

The odd part is that when I try to decrypt order information on my local server, it can only decrypt orders which use the 'short' form of the encryption. When I run the same operation on the live server, it can only decrypt the 'long' ones. I verified that both sites are using the same encryption key, and they run off the same database.

Does anyone have any idea what this could be? 90% of the data stored in the database was generated on the live site, and we've never had an issue with this before until yesterday.

Thanks
Matt
  • El Forum
    Guest
  •  
#2
03-11-2010, 05:39 AM

[eluser]mattpointblank[/eluser]
One thing I have a possible theory about - our webhost may have recently upgraded our PHP install. Could that change the type of hashes generated (and break the older ones)?
  • El Forum
    Guest
  •  
#3
03-11-2010, 07:18 AM

[eluser]mattpointblank[/eluser]
The plot thickens!

Since determining that the remote server seems to be generating different hashes, I decided to regenerate all of them on the remote site for consistency.

1. I duplicated my encrypted table and decrypted all of it locally.
2. Checked the table and all of the data was there in plain text again.
3. On the remote site I then encrypted all of the data again
4. Checked the table, everything seems to be encrypted
5. Tried decrypting the data on the remote site, it all comes up like '������X�G94�'.

What's going on?! Sad
  • El Forum
    Guest
  •  
#4
03-12-2010, 04:06 AM

[eluser]mattpointblank[/eluser]
Seem to have figured this out. I re-encrypted everything on the remote server but changed the database columns to TEXT (they were TINYBLOB before on advice of the PHP manual) - this worked.




Theme © iAndrew 2016 - Forum software by © MyBB