PHP - Security Encryption using MCRYPT

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

adreck_php
Forum Newbie
Posts: 9
Joined: Sun Sep 07, 2008 6:01 pm

PHP - Security Encryption using MCRYPT

Post by adreck_php »

Hello fellow php users -

I have created two functions, make_secure and make_unsecure. The function make_secure works fine and is used along with a string which posts encrypted data to a specific cell in a database. I use a proprietary method for locking and unlocking the encryption with a "key". After decryption I need to display the data, which is working with one minor error: after unlocking my decryption with the following code my original string is properly displayed with the addition of a series of question marks in diamonds. This is mostly an aesthetic problem, though there could be additional problems.

So anyone with any ideas as to why my code works correctly but adds extra characters to the decrypted string would be extremely helpful.

Thanks

Adreck

// Original poster's function, as posted. $pwd is not defined inside the
// function (PHP functions do not see outer-scope variables), so $key is null
// unless it is passed in; the poster later says $pwd stands in for a
// key-generating function.
function make_unsecure($variable) {
    // ECB mode ignores the IV, so these two lines have no effect on the result.
    $iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB);
    $iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
    $key = $pwd;
    // mcrypt zero-pads the final block on encryption; the padding comes back
    // here as trailing NUL bytes (the "question marks in diamonds").
    $decrypttext = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, $variable, MCRYPT_MODE_ECB, $iv);
    return $decrypttext;
}
s.dot
Tranquility In Moderation
Posts: 5001
Joined: Sun Feb 06, 2005 7:18 pm
Location: Indiana

Re: PHP - Security Encryption using MCRYPT

Post by s.dot »

I wrote this comment on php.net a while ago... it may be wrong but it worked for me.
Since the returned data seems to be still padded with extra characters, you can get *only* the original data that was encrypted by str_replace()'ing the \x0 characters.

<?php
// $encryptedData here is the raw string returned by mcrypt_decrypt();
// str_replace() removes every NUL byte in it, not only the trailing ones.
$decryptedData = str_replace("\x0", '', $encryptedData);
?>
arjan.top
Forum Contributor
Posts: 305
Joined: Sun Oct 14, 2007 4:36 am
Location: Hoče, Slovenia

Re: PHP - Security Encryption using MCRYPT

Post by arjan.top »

use trim()
adreck_php
Forum Newbie
Posts: 9
Joined: Sun Sep 07, 2008 6:01 pm

Re: PHP - Security Encryption using MCRYPT

Post by adreck_php »

Thank you!

Your suggestions are very much appreciated and worked very well. I had thought of something similar but I had completely forgotten this as an option.

Thanks

Adreck
Mordred
DevNet Resident
Posts: 1579
Joined: Sun Sep 03, 2006 5:19 am
Location: Sofia, Bulgaria

Re: PHP - Security Encryption using MCRYPT

Post by Mordred »

This is wrong.

1. ECB is insecure
2. ECB doesn't need IV
3. The way of creating the IV is insecure
4. The IV must be created on encryption, then the same value is to be used for decryption. "Lucky" for you, ECB doesn't use the IV, so your code "works" :)
5. $key = $pwd; Ah, so it's not your real code (this one can never work), and yet you want security advice.
6. Do not use a password as the encryption key
adreck_php wrote:I use a proprietary method for locking and unlocking the encryption with a "key"
Huh? This is what all encryption does. What's so novel in your method? (And just in case you missed the memo, in crypto novel = bad)
adreck_php
Forum Newbie
Posts: 9
Joined: Sun Sep 07, 2008 6:01 pm

Re: PHP - Security Encryption using MCRYPT

Post by adreck_php »

Mordred wrote:
1. ECB is insecure
2. ECB doesn't need IV
3. The way of creating the IV is insecure
4. The IV must be created on encryption, then the same value is to be used for decryption. "Lucky" for you, ECB doesn't use the IV, so your code "works" :)
5. $key = $pwd; Ah, so it's not your real code (this one can never work), and yet you want security advice.
6. Do not use a password as the encryption key
adreck_php wrote:I use a proprietary method for locking and unlocking the encryption with a "key"
Huh? This is what all encryption does. What's so novel in your method? (And just in case you missed the memo, in crypto novel = bad)

Hello - thanks for posting, $pwd was a placeholder variable for a function which generates the unique key.

And, yes I do want security advice. Is using mcrypt a bad idea? Also what did you mean on line 5. (this one can never work)

I am interested to hear your input.

Thanks

Adreck
Mordred
DevNet Resident
Posts: 1579
Joined: Sun Sep 03, 2006 5:19 am
Location: Sofia, Bulgaria

Re: PHP - Security Encryption using MCRYPT

Post by Mordred »

I didn't say mcrypt is inherently insecure (I'm not in a position to say so, as I haven't studied it)
I said that using the ECB mode is insecure; ECB should never be used unless one really really knows what he's doing. For noobs - no ECB, period.

Use mcrypt_list_modes() to see what modes are available on your system, and choose CTR or CBC. Both need an IV, which has to be securely generated, which means you shouldn't pick the MCRYPT_RAND mode. You may experience delays with the other modes, but such is the price of security.

Btw, don't use trim() as suggested above, use at least rtrim(). The most correct way will be to include a fixed-size header containing the length of the encoded message.

It is quite important how you generate $pwd.

P.S. I am amused that using ECB (with IV, no less!) is advocated in the sample given in the mcrypt docs. It's horribly wrong :/
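The thread so far has offered three ways of stripping mcrypt's zero padding (str_replace() of NUL bytes, trim(), rtrim()) and Mordred's alternative of a fixed-size length header. The following is an added example, not code from any poster, that simulates mcrypt's zero padding with a 16-byte block (no cipher involved, so it runs anywhere with PHP 7+) and runs each unpadding strategy over constructed plaintexts that each break one of the naive approaches. Function names, the 4-byte header format and the sample strings are this example's own choices.

```php
<?php
// Added example (not from the thread): how each proposed unpadding method
// behaves on awkward plaintexts. mcrypt zero-padded the last block; zero_pad()
// reproduces that so the effect can be seen without running a cipher.

const BLOCK = 16;

// What mcrypt did before encrypting: extend to a multiple of BLOCK with "\0".
function zero_pad(string $plain): string {
    $rem = strlen($plain) % BLOCK;
    return $rem === 0 ? $plain : $plain . str_repeat("\0", BLOCK - $rem);
}

// 1. str_replace("\x0", '') removes every NUL, including ones inside the data.
function unpad_replace(string $padded): string {
    return str_replace("\0", '', $padded);
}

// 2. trim() removes NUL, but also legitimate leading/trailing whitespace.
function unpad_trim(string $padded): string {
    return trim($padded);
}

// 3. rtrim(..., "\0") removes only trailing NULs, but cannot tell a NUL that
//    was part of the data from a NUL that was padding.
function unpad_rtrim(string $padded): string {
    return rtrim($padded, "\0");
}

// 4. Length header: a 4-byte big-endian length is prepended before padding and
//    read back afterwards. Lossless for any byte string, as Mordred suggests.
function pad_with_length(string $plain): string {
    return zero_pad(pack('N', strlen($plain)) . $plain);
}

function unpad_with_length(string $padded): string {
    $len = unpack('N', substr($padded, 0, 4))[1];
    if ($len > strlen($padded) - 4) {
        throw new RuntimeException('length header exceeds decrypted data');
    }
    return substr($padded, 4, $len);
}

// Constructed plaintexts; each one defeats at least one naive method.
$samples = [
    'plain text',          // every method recovers this one
    "  indented line\n",   // trim() strips the whitespace
    "a\0b",                // str_replace() strips the interior NUL
    "ends with NUL\0",     // rtrim() strips the final NUL
];

foreach ($samples as $p) {
    $padded = zero_pad($p);
    printf("%-22s replace:%-4s trim:%-4s rtrim:%-4s header:%s\n",
        json_encode($p),
        unpad_replace($padded) === $p ? 'ok' : 'LOST',
        unpad_trim($padded)    === $p ? 'ok' : 'LOST',
        unpad_rtrim($padded)   === $p ? 'ok' : 'LOST',
        unpad_with_length(pad_with_length($p)) === $p ? 'ok' : 'LOST');
}
```

Only the length-header variant survives all four inputs; the others are fine for printable text but corrupt binary data or text that begins or ends with whitespace. With the openssl_* functions in current PHP none of this is necessary, because openssl_encrypt() applies PKCS#7 padding and openssl_decrypt() removes it.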
adreck_php
Forum Newbie
Posts: 9
Joined: Sun Sep 07, 2008 6:01 pm

Re: PHP - Security Encryption using MCRYPT

Post by adreck_php »

Thanks - you certainly know what you're talking about. I appreciate your assistance. While total time is somewhat of a concern for this project, security is certainly a higher priority. I will take all your suggestions under advisement.

Do you have any thoughts on SHA256 hashing?

Thanks
Mordred
DevNet Resident
Posts: 1579
Joined: Sun Sep 03, 2006 5:19 am
Location: Sofia, Bulgaria

Re: PHP - Security Encryption using MCRYPT

Post by Mordred »

Nah, I'm far from an expert in cryptography, what I know, and cite, comes from the basic books ;)

Time spent in crypto is a tradeoff - better random makes better entropy makes better security at the price of using the "slower" random sources. You might be able to do passably well with MCRYPT_RAND-based IVs as well (it has only 32 bits of entropy, as it's based on rand()). It depends on what you do with the cryptography and what is the level of acceptable risk.

SHA256 is currently the "best" (for a given value of "best" ;) ) hashing function out there, so use it. Depending on what you use it for, there are some caveats. If it's for passwords, read this: viewtopic.php?t=62782. If it's for MAC, make sure you follow the exact HMAC specifications, anything less may not be secure.
arjan.top
Forum Contributor
Posts: 305
Joined: Sun Oct 14, 2007 4:36 am
Location: Hoče, Slovenia

Re: PHP - Security Encryption using MCRYPT

Post by arjan.top »

Mordred wrote:Nah, I'm far from an expert in cryptography, what I know, and cite, comes from the basic books ;)
any good books on that topic?
Mordred
DevNet Resident
Posts: 1579
Joined: Sun Sep 03, 2006 5:19 am
Location: Sofia, Bulgaria

Re: PHP - Security Encryption using MCRYPT

Post by Mordred »

Practical Cryptography by Schneier and Ferguson http://schneier.com/book-practical.html is a good tradeoff between size and detail. Applied Cryptography (by Schneier alone) has more gory details, and cool protocols like secure elections. I've heard (but not yet read it) that this one http://www.cacr.math.uwaterloo.ca/hac/ is the ultimate reference for the math geeks, but not for the faint of heart otherwise.

The last one is published for free personal use, http://www.cacr.math.uwaterloo.ca/hac/about/chap7.pdf -- here's the relevant chapter on block ciphers and their operating modes.

Having just read the paragraphs on ECB and CBC in HAC, I find that Practical Cryptography offers a better and more detailed explanation on the related problems and solutions. I don't have AC on me for a three-way compare, and anyway, different books have different strengths, so read as many as you can ;)

I have read about the historical ciphers online, and I can't recall a specific source. I do recommend studying them though, as their making and breaking will help you understand better the problems that cryptography faces.
arjan.top
Forum Contributor
Posts: 305
Joined: Sun Oct 14, 2007 4:36 am
Location: Hoče, Slovenia

Re: PHP - Security Encryption using MCRYPT

Post by arjan.top »

tnx Mordred, I think I would go with Practical Cryptography for a start
allicient
Forum Newbie
Posts: 9
Joined: Fri Sep 19, 2008 7:11 pm

Re: PHP - Security Encryption using MCRYPT

Post by allicient »

Hi adreck_php,

Eh... the phrase:
adreck_php wrote:I use a proprietary method for locking and unlocking the encryption
doesn't sound good to start with, but let's roll with it for now.

Your problem is related to padding: you need to ensure you have a consistent and reliable way of padding and unpadding your data. You'll probably not notice it in a simple text app, but it will badly break things in anything more complicated unless you sort it.

Simple question: is the database hosted on the same server as the webserver? If it is, don't bother with encryption - it wouldn't protect against anything. If it is on a different host, most databases have facilities to encrypt the database storage - if it's available use that instead, and make sure the connection is over SSL/TLS. You do know that whatever you do, if your webserver is compromised then the data is compromised anyway?

I'll second Mordred's comments: ECB doesn't use an IV, also check out http://en.wikipedia.org/wiki/Block_ciph ... _operation for a nice visual for why ECB is bad :) Also blindly using a password as the key is particularly bad practice. You should use a key derivation function, check out the PKCS standards for guidance (basically, you'll need to use a hash-function). I'm not too up on MCRYPT (used it a while back but can't remember details), but anyway you'll probably want your IV to come from /dev/urandom.

Mordred also mentioned an HMAC; this (in very specific constraints) would ensure that the data isn't modified by an adversary (which you obviously would want).

Regards,

Peter
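Mordred's advice (CBC instead of ECB, a securely generated IV that is stored with the ciphertext, a key that is not the raw password, rtrim() at most, HMAC done to spec) and Peter's (a key derivation function, an HMAC to detect modification) can all be put into one pair of make_secure/make_unsecure functions. The block below is an added example, not code from the thread, written for PHP 7+ with the openssl extension rather than mcrypt. The cipher name, the salt||iv||ciphertext||mac layout, the PBKDF2 iteration count and the sample password are this example's own assumptions.

```php
<?php
// Added example (not from the thread). Assumptions: PHP 7.0+, openssl
// extension, AES-256-CBC, and a secret that is a human password which must be
// stretched into a key rather than used as one.

const CIPHER   = 'aes-256-cbc';
const KDF_ITER = 100000;   // PBKDF2 iteration count (assumption; tune for your hardware)

// Derive two independent 32-byte keys (AES key and HMAC key) from the password
// and a per-record salt, so the password itself is never the encryption key.
function derive_keys(string $password, string $salt): array {
    $km = hash_pbkdf2('sha256', $password, $salt, KDF_ITER, 64, true);
    return [substr($km, 0, 32), substr($km, 32, 32)];
}

// Output layout: salt(16) || iv(16) || ciphertext || hmac(32). The IV is fresh
// random bytes for every call and travels with the ciphertext; PKCS#7 padding
// is applied by openssl, so no trim()/rtrim() is needed after decryption.
function make_secure(string $plain, string $password): string {
    $salt = random_bytes(16);
    $iv   = random_bytes(openssl_cipher_iv_length(CIPHER));
    list($encKey, $macKey) = derive_keys($password, $salt);
    $ct = openssl_encrypt($plain, CIPHER, $encKey, OPENSSL_RAW_DATA, $iv);
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    $body = $salt . $iv . $ct;
    // Encrypt-then-MAC over everything the receiver will parse.
    return $body . hash_hmac('sha256', $body, $macKey, true);
}

// Returns the plaintext, or throws if the blob is truncated or was modified.
function make_unsecure(string $blob, string $password): string {
    $ivLen = openssl_cipher_iv_length(CIPHER);
    if (strlen($blob) < 16 + $ivLen + 32) {
        throw new RuntimeException('blob too short');
    }
    $salt = substr($blob, 0, 16);
    $iv   = substr($blob, 16, $ivLen);
    $mac  = substr($blob, -32);
    $ct   = substr($blob, 16 + $ivLen, -32);
    list($encKey, $macKey) = derive_keys($password, $salt);
    $expected = hash_hmac('sha256', substr($blob, 0, -32), $macKey, true);
    if (!hash_equals($expected, $mac)) {   // constant-time comparison
        throw new RuntimeException('authentication failed');
    }
    $plain = openssl_decrypt($ct, CIPHER, $encKey, OPENSSL_RAW_DATA, $iv);
    if ($plain === false) {
        throw new RuntimeException('decryption failed');
    }
    return $plain;
}

// Demonstration on constructed input.
$password = 'correct horse battery staple';   // constructed sample password
$message  = "account balance: 42.00\n";       // constructed sample record
$blob     = make_secure($message, $password);

echo make_unsecure($blob, $password) === $message ? "round trip ok\n" : "round trip FAILED\n";

// The same plaintext encrypted twice gives different blobs (fresh salt and IV).
echo make_secure('x', $password) !== make_secure('x', $password)
    ? "ciphertexts differ\n" : "ciphertexts repeat\n";

// Flipping one ciphertext byte is rejected by the MAC before decryption runs.
$tampered = $blob;
$tampered[40] = chr(ord($tampered[40]) ^ 0x01);
try {
    make_unsecure($tampered, $password);
    echo "tampering NOT detected\n";
} catch (RuntimeException $e) {
    echo 'tampering detected: ', $e->getMessage(), "\n";
}
```

The MAC is checked before anything is decrypted, which is what keeps a CBC padding error from becoming an oracle. mcrypt itself was deprecated in PHP 7.1 and removed from core in 7.2, so the openssl functions are the route to the same design on a current install.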