PHP Developers Network

A community of PHP developers offering assistance, advice, discussion, and friendship.
 

Posted: Tue Feb 07, 2012 6:38 pm
Forum Newbie

Joined: Tue Feb 07, 2012 6:29 pm
Posts: 5
Hi everyone,

I've been sifting through this forum trying to learn as much as I can about how to correctly use mcrypt. I'd appreciate comments on what I've got so far:

function encrypt($decrypted, $password) {
 $key = md5($password);
 $decrypted = rtrim($decrypted, "\0\4");
 $hash = md5($decrypted);
 $iv = mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_CBC), MCRYPT_RAND);
 $encrypted = trim(base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $key, $decrypted, MCRYPT_MODE_CBC, $iv)));
 return $hash . "\n----------\n" . base64_encode($iv) . "\n----------\n" . $encrypted;
 }

function decrypt($encrypted, $password) {
 $key = md5($password);
 list($hash, $iv, $encrypted) = explode("\n----------\n", $encrypted, 3);
 $decrypted = rtrim(mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, base64_decode($encrypted), MCRYPT_MODE_CBC, base64_decode($iv)), "\0\4");
 if (md5($decrypted) != $hash) return false;
 return $decrypted;
 }
 


Questions:

1) I've read that using the password as the key is bad. Is an md5 of the password sufficient?

2) The script and the data are stored in the filesystem of the server. The password is to be memorized and entered by the operator. Should I salt the key, and if so, how and why?

3) Is there any issue with storing the iv or md5 of the data in clear text?

Thanks to anyone who can answer any of my questions or offer advice about my code to make it more secure.


Posted: Wed Feb 08, 2012 7:30 am
DevNet Master

Joined: Sun Feb 15, 2009 12:08 pm
Posts: 2794
Location: .za

_________________
“Don’t worry if it doesn’t work right. If everything did, you’d be out of a job.” - Mosher’s Law of Software Engineering


Posted: Wed Feb 08, 2012 10:55 am
Forum Newbie

Joined: Tue Feb 07, 2012 6:29 pm
Posts: 5
Thanks for your reply. Pardon my n00bness. If my data were attacked, the attacker would also have access to the script, and thus the salt. So how would the hash of salt+password be more secure?

So you're saying I should replace the key with hash('sha256', 'asdf324!.#qQ' . $password)?


Posted: Wed Feb 08, 2012 4:10 pm
DevNet Master

Joined: Sun Feb 15, 2009 12:08 pm
Posts: 2794
Location: .za

Posted: Wed Feb 08, 2012 5:10 pm
Forum Newbie

Joined: Tue Feb 07, 2012 6:29 pm
Posts: 5
Ok, but if I don't use a salt in preparing the hashed key, the attacker would still have to break the hashed value or do a dictionary attack against the password...no?


Posted: Thu Feb 09, 2012 1:37 am
DevNet Master

Joined: Sun Feb 15, 2009 12:08 pm
Posts: 2794
Location: .za
Yes, the salt is merely extra protection against this; storing the password hash makes it vulnerable to rainbow tables;

Have a look at some of these urls in the form

Posted: Thu Feb 09, 2012 9:35 am
Forum Newbie

Joined: Tue Feb 07, 2012 6:29 pm
Posts: 5
But I'm not storing the password hash.


Posted: Thu Feb 09, 2012 9:43 am
DevNet Master

Joined: Sun Feb 15, 2009 12:08 pm
Posts: 2794
Location: .za
:) my bad; I meant the key

Edit
Thinking about this again, you probably don't want to store the key outright but store a salt value; this salt value + the password makes up the key. I'm not sure if this is what I conveyed earlier, because I re-read the original post and found that I might have explained poorly

Posted: Fri Feb 10, 2012 5:18 am
DevNet Resident

Joined: Sun Sep 03, 2006 5:19 am
Posts: 1579
Location: Sofia, Bulgaria
A few quick notes:
- Salting is basically for adding entropy to weak passwords. If you're not going to allow users to key this encryption, you can just pick a strong password and not deal with salts at all.
- There are that provide encryption + authentication; I'm not sure if PHP's mcrypt supports them though
- If not, you're better off with encrypting the plaintext, then keeping an HMAC of the encrypted text, then you can check for validity of the data without decrypting it.
- Why are you doing those trims? Seems like a bug to me, they will damage the data.

On your questions:
1) In all human-password-keyed systems you'd use the password as a master key to generate other keys. What you do seems fine, provided that the password is strong enough (i.e. it's entirely under your control)
2) See above about salting. May be useful, may be not.
3) No, there is no need for the IV or the data integrity hash to be secret, but see above for hashing plaintext vs hashing the encrypted text.
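
An added example, not part of the thread or any poster's code: one way to combine the points raised above (a stored random salt plus the memorized password making up the key, a clear-text IV, an HMAC over the encrypted text checked before decrypting, and no trimming). It swaps mcrypt for PHP's OpenSSL extension (AES-256-CBC) and PBKDF2; the function names, iteration count and sample data are assumptions.

```php
<?php
// Added example: encrypt-then-MAC with a password-derived key (PHP 7.1+).
// Assumption: OpenSSL AES-256-CBC replaces mcrypt's MCRYPT_RIJNDAEL_256.
const KDF_ITERATIONS = 200000; // assumed work factor; tune for your hardware

function derive_keys(string $password, string $salt): array {
    // Stretch the password with a per-message salt, then split the output
    // into separate encryption and MAC keys.
    $okm = hash_pbkdf2('sha256', $password, $salt, KDF_ITERATIONS, 64, true);
    return [substr($okm, 0, 32), substr($okm, 32, 32)];
}

function encrypt_message(string $plaintext, string $password): string {
    $salt = random_bytes(16); // stored in the clear next to the data
    $iv   = random_bytes(16); // also not secret, but must be unpredictable
    [$encKey, $macKey] = derive_keys($password, $salt);
    // OpenSSL applies PKCS#7 padding, so no rtrim() is needed on decrypt.
    $ct = openssl_encrypt($plaintext, 'aes-256-cbc', $encKey, OPENSSL_RAW_DATA, $iv);
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    $body = $salt . $iv . $ct;
    // MAC covers salt, IV and ciphertext, never the plaintext.
    return base64_encode($body . hash_hmac('sha256', $body, $macKey, true));
}

function decrypt_message(string $blob, string $password) {
    $raw = base64_decode($blob, true);
    if ($raw === false || strlen($raw) < 16 + 16 + 16 + 32) {
        return false; // malformed or truncated input
    }
    $body = substr($raw, 0, -32);
    $tag  = substr($raw, -32);
    [$encKey, $macKey] = derive_keys($password, substr($body, 0, 16));
    // Constant-time check before any decryption takes place.
    if (!hash_equals(hash_hmac('sha256', $body, $macKey, true), $tag)) {
        return false; // wrong password or modified data
    }
    return openssl_decrypt(substr($body, 32), 'aes-256-cbc', $encKey,
                           OPENSSL_RAW_DATA, substr($body, 16, 16));
}

// Constructed sample: plaintext ending in a NUL byte, which rtrim() would eat.
$secret = "payload ending in NUL\0";
$blob = encrypt_message($secret, 'operator passphrase');
var_dump(decrypt_message($blob, 'operator passphrase') === $secret);
$raw = base64_decode($blob);
$raw[40] = chr(ord($raw[40]) ^ 1); // flip one ciphertext bit
var_dump(decrypt_message(base64_encode($raw), 'operator passphrase'));
var_dump(decrypt_message($blob, 'wrong passphrase'));
```

The three `var_dump` calls exercise a round trip, a modified ciphertext and a wrong passphrase; the latter two are rejected at the HMAC check, before any decryption is attempted.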


Posted: Fri Feb 10, 2012 1:30 pm
Forum Newbie

Joined: Tue Feb 07, 2012 6:29 pm
Posts: 5
Thank you for your reply :)

