Encryption encode / decode different result for same string. Normal?
#1

[eluser]earthdog[/eluser]
In my custom config I have a line like:

Code:
$config['encryption_key_posts'] ='vfy9SbKO!drtzwHkOvD46hGFedzaw3$l';

In a custom library I have:

Code:
class MyEncryption {

    public $_CI;

    public function __construct() {
        $this->_CI = & get_instance();
        $this->_CI->encrypt->set_cipher(MCRYPT_BLOWFISH);
        $this->_CI->encrypt->set_mode(MCRYPT_MODE_CBC);
    }

    function encode($str, $key) {
        return $this->_CI->encrypt->encode($str, $key);
    }

    function decode($str, $key) {
        return $this->_CI->encrypt->decode($str, $key);
    }
}

I am using it like this:

Code:
encode($_POST['post_title'],config_item('encryption_key_posts'))

and

Code:
decode($this->data['post']->post_title,config_item('encryption_key_posts'))

I am testing it with the same
Code:
post_title = 'TEST'
and I am always getting different results

like:

Code:
Gk16w123clh3RZdYbGZc8g==
L64cWTVSaxWf8xGVVCRbyQ==
Ox2H4xAizS9lsKEQHzxRgg==

Is this normal? Will I have any kind of issues if I move to a different server in the future?
#2

[eluser]TheFuzzy0ne[/eluser]
No, that's normal. All of those will decode as expected.
#3

[eluser]earthdog[/eluser]
I suppose that this has to do with the fact that even though the key is constant, the IV is different every time and the IV is IN the encrypted text?
#4

[eluser]RaGe10940[/eluser]
With any form of encryption (that I have used like bcrypt, or the CI encryption class) the string produced is always unique. However the decoding method will be the same as long as (as far as CI is concerned) you don't lose your key.

With bcrypt just make sure the cost stays the same.

You were probably under the impression that, like MD5 or other hashing algos, the string produced would be the same; well, in this case it's not.

Fuzzy keeps beating me to the questions -_-
#5

[eluser]RaGe10940[/eluser]
[quote author="earthdog" date="1365592954"]I suppose that this has to do with the fact that even though the key is constant, the IV is different every time and the IV is IN the encrypted text?[/quote]

All the IV does is add more bits to the string to make it harder to decrypt.

Say for example we encrypt "meow"

If the IV is one character, which is "x", we get "xmeow", giving us an encrypted string of kjbrghe (< - - just an example)

If the IV is longer, we then get "ieieieiejbrghr8383MEOW", giving us -> kwjfbrehgbhljebgrelhjbgrehujbgrelhb (< - - another example)

So yes, the IV is "included" in the encrypted string, but it is not just blatantly out there to be viewed.

It is also different due to the "random" way it gets calculated and iterated over. You should read up on how AES or w/e encryption algo you're using encrypts the strings.
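
The behaviour this thread describes (same key and plaintext, different output every time, all of it decrypting), as an added example that is not from any poster or from CodeIgniter. It uses PHP's OpenSSL AES-256-CBC plus an HMAC in place of the thread's mcrypt Blowfish (the mcrypt extension was removed from PHP in 7.2); the function names and the secret are constructed for illustration.

```php
<?php
// Added example: random IV per message, stored in the clear next to the ciphertext.
const CIPHER = 'aes-256-cbc';
const MAC_LEN = 32; // bytes of HMAC-SHA256

function derive_keys(string $secret): array {
    // Independent keys for encryption and authentication, derived from one secret.
    return [hash_hmac('sha256', 'enc', $secret, true),
            hash_hmac('sha256', 'mac', $secret, true)];
}

function encrypt_field(string $plain, string $secret): string {
    [$encKey, $macKey] = derive_keys($secret);
    $iv = random_bytes(openssl_cipher_iv_length(CIPHER)); // fresh random IV per call
    $ct = openssl_encrypt($plain, CIPHER, $encKey, OPENSSL_RAW_DATA, $iv);
    $mac = hash_hmac('sha256', $iv . $ct, $macKey, true);
    return base64_encode($iv . $ct . $mac); // IV is stored unencrypted beside the ciphertext
}

function decrypt_field(string $blob, string $secret): ?string {
    [$encKey, $macKey] = derive_keys($secret);
    $ivLen = openssl_cipher_iv_length(CIPHER);
    $raw = base64_decode($blob, true);
    if ($raw === false || strlen($raw) < $ivLen + 16 + MAC_LEN) {
        return null; // too short to hold IV + one block + MAC
    }
    $iv  = substr($raw, 0, $ivLen);
    $ct  = substr($raw, $ivLen, -MAC_LEN);
    $mac = substr($raw, -MAC_LEN);
    if (!hash_equals(hash_hmac('sha256', $iv . $ct, $macKey, true), $mac)) {
        return null; // modified, or encrypted under a different key
    }
    $plain = openssl_decrypt($ct, CIPHER, $encKey, OPENSSL_RAW_DATA, $iv);
    return $plain === false ? null : $plain;
}

$secret = 'constructed-demo-secret'; // constructed sample value, not a real key
$blobs = [];
for ($i = 0; $i < 3; $i++) {
    $blobs[] = encrypt_field('TEST', $secret);
}
foreach ($blobs as $b) {
    printf("%s => %s\n", $b, decrypt_field($b, $secret));
}
var_dump(count(array_unique($blobs)) === 3); // are all three outputs distinct?
$raw = base64_decode($blobs[0]);
$raw[0] = chr(ord($raw[0]) ^ 1); // flip one bit of the stored IV
var_dump(decrypt_field(base64_encode($raw), $secret)); // result of the integrity check
```

Because the IV travels inside each stored value, decrypting on another server needs only the same key and the stored string.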
#6

[eluser]RaGe10940[/eluser]
Also since you made your key public to the whole CI community I would recommend changing it btw :P
#7

[eluser]earthdog[/eluser]
[quote author="RaGe10940" date="1365593504"]Also since you made your key public to the whole CI community I would recommend changing it btw :P[/quote]

This is not the actual key :)
#8

[eluser]TheFuzzy0ne[/eluser]
I think that what's basically happening is that a random salt is added to the string, so if you used it to encrypt passwords, even if two users had the same password, the generated string would be different. With that said, passwords should most certainly not be encrypted with two-way encryption. I just thought I'd use that as an example. :)
#9

[eluser]earthdog[/eluser]
[quote author="TheFuzzy0ne" date="1365605182"]I think that what's basically happening is that a random salt is added to the string, so if you used it to encrypt passwords, even if two users had the same password, the generated string would be different. With that said, passwords should most certainly not be encrypted with two-way encryption. I just thought I'd use that as an example. :)[/quote]

Of course!

For password hashing I am using this library, which is excellent as it implements the new PHP 5.5 password_hash function in older PHP versions.

https://github.com/ircmaxell/password_compat



