WebApp Sec mailing list archives
Re: What problem have this Rijndael(.NET&PHP) code?
From: Peter Conrad <conrad () tivano de>
Date: Fri, 15 Dec 2006 16:08:10 +0100
Hi, Am Freitag, 15. Dezember 2006 01:35 schrieb 김영일:
I want to decrypt data. but, Result data(decrypted data) don't same input data. What's problem?. My code is a bottom. * C#.NET Encrypt function private string EncryptString(string InputText, string Password) { RijndaelManaged RijndaelCipher = new RijndaelManaged(); RijndaelCipher.Mode = CipherMode.ECB; byte[] PlainText = System.Text.Encoding.Unicode.GetBytes(InputText); byte[] Salt = Encoding.ASCII.GetBytes(Password.Length.ToString()); PasswordDeriveBytes SecretKey = new PasswordDeriveBytes(Password, Salt); ICryptoTransform Encryptor = RijndaelCipher.CreateEncryptor(SecretKey.GetBytes(32), SecretKey.GetBytes(16)); MemoryStream memoryStream = new MemoryStream(); CryptoStream cryptoStream = new CryptoStream(memoryStream, Encryptor, CryptoStreamMode.Write); cryptoStream.Write(PlainText, 0, PlainText.Length); cryptoStream.FlushFinalBlock(); byte[] CipherBytes = memoryStream.ToArray(); memoryStream.Close(); cryptoStream.Close(); string EncryptedData = Convert.ToBase64String(CipherBytes); return EncryptedData; } * PHP(mcrypt) Decrypt function function decrypt($decrypt,$key) { $decoded = base64_decode($decrypt); $iv = mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB), strlen($key)); $decrypted = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, $decoded, MCRYPT_MODE_ECB, $iv); return $decrypted; }
I'm not familiar with C# and not very with PHP, but to me it looks like you're using a different IV for decrypting than for encrypting. That won't work. Bye, Peter -- Peter Conrad Tel: +49 6102 / 80 99 072 [ t]ivano Software GmbH Fax: +49 6102 / 80 99 071 Bahnhofstr. 18 http://www.tivano.de/ 63263 Neu-Isenburg Germany ------------------------------------------------------------------------- Sponsored by: Watchfire Today's hackers exploit web applications to expose, embarrass and even steal. Firewalls and SSL may be commonplace but recent studies indicate 3 out of 4 websites remain vulnerable to attack. Watchfire's "Addressing Challenges in Application Security" whitepaper, explains what to do and provides a guideline to improving your own application security. Download this whitepaper today! https://www.watchfire.com/securearea/whitepapers.aspx?id=701500000008YTU --------------------------------------------------------------------------
Current thread:
- What problem have this Rijndael(.NET&PHP) code? 김영일 (Dec 15)
- Re: What problem have this Rijndael(.NET&PHP) code? Peter Conrad (Dec 18)
- Message not available
- Re: What problem have this Rijndael(.NET&PHP) code? Scott C. Sanchez (Dec 18)
- Re: What problem have this Rijndael(.NET&PHP) code? Jamie Riden (Dec 18)