PHP - Security Encryption using MCRYPT
Posted: Sun Sep 07, 2008 6:13 pm
by adreck_php
Hello fellow php users -
I have created two functions, make_secure and make_unsecure. The function make_secure works fine and is used along with a string which posts encrypted data to a specific cell in a database. I use a proprietary method for locking and unlocking the encryption with a "key". After decryption I need to display the data, which is working with one minor error. After unlocking my decryption with the following code, my original string is properly displayed with the addition of a series of question marks in diamonds - this is mostly an aesthetic problem, though there could be additional problems.
So anyone with any ideas as to why my code is working correctly, but adding extra characters on to the decrypted string would be extremely helpful.
Thanks
Adreck
function make_unsecure($variable) {
    $iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB);
    $iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
    $key = $pwd;
    $decrypttext = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, $variable, MCRYPT_MODE_ECB, $iv);
    return $decrypttext;
}
Re: PHP - Security Encryption using MCRYPT
Posted: Mon Sep 08, 2008 1:59 am
by s.dot
I wrote this comment on php.net a while ago.. it may be wrong but it worked for me.
Since the returned data seems to be still padded with extra characters, you can get *only* the original data that was encrypted by str_replace()'ing the \x0 characters.
<?php
$decryptedData = str_replace("\x0", '', $encryptedData);
?>
Re: PHP - Security Encryption using MCRYPT
Posted: Mon Sep 08, 2008 3:51 am
by arjan.top
use trim()
Re: PHP - Security Encryption using MCRYPT
Posted: Mon Sep 08, 2008 8:17 am
by adreck_php
Thank you!
Your suggestions are very much appreciated and worked very well. I had thought of something similar but I had completely forgotten this as an option.
Thanks
Adreck
Re: PHP - Security Encryption using MCRYPT
Posted: Mon Sep 08, 2008 4:07 pm
by Mordred
This is wrong.
1. ECB is insecure
2. ECB doesn't need IV
3. The way of creating the IV is insecure
4. The IV must be created on encryption, then the same value is to be used for decryption. "Lucky" for you, ECB doesn't use the IV, so your code "works"
5. $key = $pwd; Ah, so it's not your real code (this one can never work), and yet you want security advice.
6. Do not use a password as the encryption key
adreck_php wrote: I use a proprietary method for locking and unlocking the encryption with a "key"
Huh? This is what all encryption does. What's so novel in your method? (And just in case you missed the memo, in crypto novel = bad)
Re: PHP - Security Encryption using MCRYPT
Posted: Tue Sep 09, 2008 7:42 am
by adreck_php
Mordred wrote:
1. ECB is insecure
2. ECB doesn't need IV
3. The way of creating the IV is insecure
4. The IV must be created on encryption, then the same value is to be used for decryption. "Lucky" for you, ECB doesn't use the IV, so your code "works"
5. $key = $pwd; Ah, so it's not your real code (this one can never work), and yet you want security advice.
6. Do not use a password as the encryption key
adreck_php wrote: I use a proprietary method for locking and unlocking the encryption with a "key"
Huh? This is what all encryption does. What's so novel in your method? (And just in case you missed the memo, in crypto novel = bad)

Hello - thanks for posting. $pwd was a placeholder variable for a function which generates the unique key.
And yes, I do want security advice. Is using mcrypt a bad idea? Also, what did you mean on line 5 (this one can never work)?
I am interested to hear your input.
Thanks
Adreck
Re: PHP - Security Encryption using MCRYPT
Posted: Tue Sep 09, 2008 3:19 pm
by Mordred
I didn't say mcrypt is inherently insecure (I'm not in a position to say so, as I haven't studied it)
I said that using the ECB mode is insecure; ECB should never be used unless one really really knows what he's doing. For noobs - no ECB, period.
Use mcrypt_list_modes() to see what modes are available on your system, and choose CTR or CBC. Both need an IV, which has to be securely generated, which means you shouldn't pick the MCRYPT_RAND mode. You may experience delays with the other modes, but such is the price of security.
Btw, don't use trim() as suggested above, use at least rtrim(). The most correct way will be to include a fixed-size header containing the length of the encoded message.
It is quite important how you generate $pwd.
P.S. I am amused that using ECB (with IV, no less!) is advocated in the sample given in the mcrypt docs. It's horribly wrong :/
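The three unpadding suggestions made in this thread, compared side by side. This is an added example, not code from any poster; the zero-padding mcrypt applies is simulated so the script needs no crypto extension, and the helper names, the 4-byte header layout and the explicit "\0" argument to rtrim() are assumptions.

```php
<?php
// Added illustration, not code from the thread. mcrypt zero-pads plaintext to
// the cipher block size; the padding is simulated here, no crypto extension needed.
const BLOCK_SIZE = 32; // block size of MCRYPT_RIJNDAEL_256 in bytes

function zero_pad(string $data): string
{
    $padded_len = (int) (ceil(strlen($data) / BLOCK_SIZE) * BLOCK_SIZE);
    return str_pad($data, $padded_len, "\0");
}

// Hypothetical helper: prefix a 4-byte big-endian length before padding.
function add_length_header(string $data): string
{
    return pack('N', strlen($data)) . $data;
}

function strip_by_length_header(string $padded): string
{
    if (strlen($padded) < 4) {
        throw new InvalidArgumentException('missing length header');
    }
    $len = unpack('N', substr($padded, 0, 4))[1];
    if ($len > strlen($padded) - 4) {
        throw new InvalidArgumentException('length header exceeds payload');
    }
    return substr($padded, 4, $len);
}

// Constructed sample plaintexts.
$samples = [
    'plain text'         => 'card=1234',
    'whitespace at ends' => "  indented line\n",
    'binary with NULs'   => "\x01\x00\x02\x00\x00",
];
foreach ($samples as $label => $original) {
    $padded = zero_pad($original);
    $results = [
        'str_replace' => str_replace("\0", '', $padded) === $original,
        'trim'        => trim($padded) === $original,
        'rtrim-NUL'   => rtrim($padded, "\0") === $original,
        'length-hdr'  => strip_by_length_header(
            zero_pad(add_length_header($original))) === $original,
    ];
    echo str_pad($label, 20);
    foreach ($results as $method => $ok) {
        echo " $method=" . ($ok ? 'ok' : 'CORRUPT');
    }
    echo "\n";
}
```

Only the length header survives all three inputs: trim() eats legitimate whitespace, and every NUL-stripping variant damages data that itself contains NUL bytes.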
Re: PHP - Security Encryption using MCRYPT
Posted: Tue Sep 09, 2008 4:20 pm
by adreck_php
Thanks - you certainly know what you're talking about. I appreciate your assistance. While total time is somewhat a concern for this project, security is certainly a higher priority. I will take all your suggestions under advisement.
Do you have any thoughts on SHA256 hashing?
Thanks
Re: PHP - Security Encryption using MCRYPT
Posted: Tue Sep 09, 2008 5:05 pm
by Mordred
Nah, I'm far from an expert in cryptography, what I know, and cite, comes from the basic books
Time spent in crypto is a tradeoff - better random makes better entropy makes better security at the price of using the "slower" random sources. You might be able to do passably well with MCRYPT_RAND-based IVs as well (it has only 32 bits of entropy, as it's based on rand()). It depends on what you do with the cryptography and what is the level of acceptable risk.
SHA256 is currently the "best" (for a given value of "best") hashing function out there, so use it. Depending on what you use it for, there are some caveats. If it's for passwords, read this: viewtopic.php?t=62782. If it's for MAC, make sure you follow the exact HMAC specifications, anything less may not be secure.
Re: PHP - Security Encryption using MCRYPT
Posted: Wed Sep 10, 2008 12:55 pm
by arjan.top
Mordred wrote: Nah, I'm far from an expert in cryptography, what I know, and cite, comes from the basic books
any good books on that topic?
Re: PHP - Security Encryption using MCRYPT
Posted: Wed Sep 10, 2008 3:25 pm
by Mordred
Practical Cryptography by Schneier and Ferguson (http://schneier.com/book-practical.html) is a good tradeoff between size and detail. Applied Cryptography (by Schneier alone) has more gory details, and cool protocols like secure elections. I've heard (but not yet read it) that this one, http://www.cacr.math.uwaterloo.ca/hac/, is the ultimate reference for the math geeks, but not for the faint of heart otherwise.
The last one is published for free personal use, http://www.cacr.math.uwaterloo.ca/hac/about/chap7.pdf -- here's the relevant chapter on block ciphers and their operating modes.
Having just read the paragraphs on ECB and CBC in HAC, I find that Practical Cryptography offers a better and more detailed explanation on the related problems and solutions. I don't have AC on me for a three-way compare, and anyway, different books have different strengths, so read as many as you can
I have read about the historical ciphers online, and I can't recall a specific source. I do recommend studying them though, as their making and breaking will help you understand better the problems that cryptography faces.
Re: PHP - Security Encryption using MCRYPT
Posted: Wed Sep 10, 2008 4:19 pm
by arjan.top
tnx Mordred, I think I would go with Practical Cryptography for a start
Re: PHP - Security Encryption using MCRYPT
Posted: Fri Sep 19, 2008 8:04 pm
by allicient
Hi adreck_php,
Eh... the phrase "I use a proprietary method for locking and unlocking the encryption" doesn't sound good to start with, but let's roll with it for now.
Your problem is related to padding, you need to ensure you have a consistent and reliable way of padding and unpadding your data - you'll probably not notice it in a simple text app, but it will badly break things in anything more complicated unless you sort it.
Simple question, is the database hosted on the same server as the webserver? If it is, don't bother with encryption - it wouldn't protect against anything. If it is on a different host, most databases have facilities to encrypt the database storage - if it's available use that instead, and make sure the connection is over SSL/TLS. You do know that whatever you do, if your webserver is compromised then the data is compromised anyway?
I'll second Mordred's comments: ECB doesn't use an IV, also check out http://en.wikipedia.org/wiki/Block_ciph ... _operation for a nice visual for why ECB is bad
Also blindly using a password as the key is particularly bad practice. You should use a key derivation function, check out the PKCS standards for guidance (basically, you'll need to use a hash-function). I'm not too up on MCRYPT (used it a while back but can't remember details), but anyway you'll probably want your IV to come from /dev/urandom.
Mordred also mentioned an HMAC, this (in very specific constraints) would ensure that the data isn't modified by an adversary (which you obviously would want).
Regards,
Peter
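The advice given across this thread (CBC instead of ECB, a fresh IV from a secure random source stored with the ciphertext, a key derivation function instead of the raw password, and an HMAC over the result) put together as an added example that is not code from any poster. It swaps mcrypt for PHP's OpenSSL and hash extensions with AES-256-CBC and PBKDF2 (the PKCS #5 key derivation function); the function names, message layout and iteration count are assumptions.

```php
<?php
// Added illustration, not code from the thread. Uses PHP's OpenSSL and hash
// extensions (AES-256-CBC, HMAC-SHA256, PBKDF2) in place of mcrypt.
const KDF_ITERATIONS = 600000; // assumed work factor; tune for your hardware

function derive_keys(string $password, string $salt): array
{
    // Key derivation function instead of using the password as the key.
    $okm = hash_pbkdf2('sha256', $password, $salt, KDF_ITERATIONS, 64, true);
    return [substr($okm, 0, 32), substr($okm, 32, 32)]; // [encrypt key, MAC key]
}

function seal_message(string $plaintext, string $password): string
{
    $salt = random_bytes(16);
    $iv   = random_bytes(16); // fresh IV from the OS CSPRNG on every encryption
    [$enc_key, $mac_key] = derive_keys($password, $salt);
    $ct = openssl_encrypt($plaintext, 'aes-256-cbc', $enc_key, OPENSSL_RAW_DATA, $iv);
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    $body = $salt . $iv . $ct; // the IV travels with the ciphertext
    return hash_hmac('sha256', $body, $mac_key, true) . $body; // encrypt-then-MAC
}

function unseal_message(string $blob, string $password): string
{
    if (strlen($blob) < 32 + 16 + 16 + 16) { // tag + salt + IV + one block
        throw new RuntimeException('message too short');
    }
    $tag  = substr($blob, 0, 32);
    $body = substr($blob, 32);
    [$enc_key, $mac_key] = derive_keys($password, substr($body, 0, 16));
    // Verify the tag in constant time before decrypting anything.
    if (!hash_equals(hash_hmac('sha256', $body, $mac_key, true), $tag)) {
        throw new RuntimeException('authentication failed');
    }
    $pt = openssl_decrypt(substr($body, 32), 'aes-256-cbc', $enc_key,
                          OPENSSL_RAW_DATA, substr($body, 16, 16));
    if ($pt === false) {
        throw new RuntimeException('decryption failed');
    }
    return $pt;
}

$message = "binary\0safe\0\0"; // constructed sample with trailing NUL bytes
$blob = seal_message($message, 'constructed example passphrase');
var_dump(unseal_message($blob, 'constructed example passphrase') === $message);
```

OpenSSL applies PKCS#7 padding and removes it on decryption, so the trailing NUL bytes in the sample come back intact without any trimming.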