dongzong1866 2014-11-29 03:31
浏览 54
已采纳

使用mcrypt编码bcrypt字符串

Using PHP, I've created the following set of functions witch ultimately takes a string (password) and applies a bcrypt encryption to it. Furthermore, it generates a key to use with mcrypt then applies that to the bcrypt string (along with base64 to simplify the string) to then insert into a database for storage.
From this when decoding I decrypt the mcrypt encryption applied to the hash and then use password_verify() to then validate it.

However, I am not able to get password_verify() to validate the hash if it has been run through the mcrypt process, even though after it has been decoded the two strings (one from the encode function and one from the decode) are IDENTICAL.

The encode function looks like this:

function passwordEncode($string) {
    $hash = password_hash($string, PASSWORD_BCRYPT, ['cost' => 12]);

    $key = generateKey();

    $encrypt = base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $key."******", $hash, MCRYPT_MODE_ECB));

    return [$encrypt, $key, $hash];
}

This would return:

[0] ENCRYPT: lTzVGcAY1jkuawebFG/9ZI4O5f/+4hjZHRewstOBAAJwQlYydLJ+B+2QHg9A16qjCUe7FHfTacPzmvH+xnT4rQ==
[1] KEY: 122593420654793b0ee4efc932
[2] HASH: $2y$10$k/4gM1jMIMxnmfBMgrML6enMgqIvnZp2EzPU.G64P3Bb3MDrwJj8e

The HASH index is only for debugging purposes to provide an output hash that has not been run through the mcrypt process

The decode function looks like this: 

function passwordDecode($string, $key) {
    $decrypt = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key."******", base64_decode($string), MCRYPT_MODE_ECB);

    return $decrypt;
}

This would return:

DECRYPT: $2y$10$k/4gM1jMIMxnmfBMgrML6enMgqIvnZp2EzPU.G64P3Bb3MDrwJj8e

Using the raw hash that hasn't been run through mcrypt returns Verified

$encode = passwordEncode("password");
if(password_verify("password", $encode[2])) {
    echo 'Verified';
} else {
    echo 'Not verified';
}

However using the hash run through mcrypt encryption and decryption returns Not verified

$encode = passwordEncode("password");
if(password_verify("password", passwordDecode($encode[0], $encode[1]))) {
    echo 'Verified';
} else {
    echo 'Not verified';
}

After spending hours essentially grinding my forehead against a cheese grater, I still haven't been able to figure out what mcrypt is doing to the string to unverify it. I've made an attempt at searching for invisible characters (keyword attempt) but other than that I'm out of ideas as to what the cause is.

Edit: also, this returns not verified

$encode = passwordEncode("password");
if($encode[2]==passwordDecode($encode[0], $encode[1])) {
    echo 'Verified';
} else {
    echo 'Not verified';
}

So something's being done to the string...I just don't know what

  • 写回答

1条回答 默认 最新

  • doujia7779 2014-11-29 14:50
    关注

    For some stupid reason PHP includes the \0 valued characters that are used as zero padding by mcrypt in the decrypted plaintext. Even more stupid, those seem to be included in the base64 decoding performed by password_verify as well, which make it fail without explicit reason. This kind of stupidity makes PHP one of the worst environments to use for security related functions.

    So without further ado, the rewritten functions that perform rtrim, in a piece of code that can be run on it's own. Requires either PHP 5.5 or password_compat :

    <?php

# uncomment for PHP 5.3/5.4
# require "lib/password.php";

function generateKey() {
    $fp = @fopen('/dev/urandom','rb');
    if ($fp !== FALSE) {
        $key = @fread($fp, 16);
        @fclose($fp);
        return $key;
    }
    return null;
}

function hashPassword($password) {
    $hash = password_hash($password, PASSWORD_BCRYPT, array('cost' => 12));
    return $hash;
}

function encryptHash($key, $hash) {
    # encrypt using unsafe ECB mode and without AES
    $encrypted = mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $key, $hash, MCRYPT_MODE_ECB);
    $encoded = base64_encode($encrypted);
    return $encoded;
}

function decryptHash($key, $ciphertext) {
    $decoded = base64_decode($ciphertext);
    $decryptedHash = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, $decoded, MCRYPT_MODE_ECB);
    # remove stupid zero padding
    $decryptedHash = rtrim($decryptedHash, "\0");
    return $decryptedHash;
}

$hash = hashPassword("password");

if(password_verify("password", $hash)) {
    echo 'Verified' . PHP_EOL;
} else {
    echo 'Not verified' . PHP_EOL;
}

$key = generateKey();
$encrypted = encryptHash($key, $hash);
$decrypted = decryptHash($key, $encrypted);

if(password_verify('password', $decrypted)) {
    echo 'Verified' . PHP_EOL;
} else {
    echo 'Not verified' . PHP_EOL;
}
?>
    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

  • 使用mcrypt编码bcrypt字符串 php
    2014-11-29 03:31
    回答 1 已采纳 For some stupid reason PHP includes the \0 valued characters that are used as zero padding by mcry
  • PHP mcrypt - mcrypt在连接字符串中分别隐藏每个字符串 php
    2017-02-14 02:37
    回答 1 已采纳 I can't say why mcrypt_encrypt is not respecting the CBC mode of operation (without seeing actual
  • PHP简单的字符串加密和解密 php
    2014-06-21 15:10
    回答 1 已采纳 MCrypt does not add those == characters to the string, the base 64 encoding does. It is possible t
  • sha1 php 函数,php中sha1()函数的定义和用法汇总
    2021-03-24 10:39
    拐个王子回古墓的博客 PHP加密函数—sha1()函数加密首先我们先介绍下什么是 sha1 ?sha的全称是:Secure Hash Algorithm(安全哈希算法)主要适用于数字签名标准 (Digital Signature Standard DSS)里面定义的数字签名算法(Digital Signature...
  • PHP mcrypt相同的尾随字符 php
    2013-04-10 05:00
    回答 1 已采纳 The similar result is due to the ECB cipher block mode where each block is encrypted separately. U
  • php mcrypt:为什么要在字符串输入上添加空格? php
    2012-11-21 12:30
    回答 1 已采纳 The sources you have provided all use nearly exactly the same code. I can only assume they stole t
  • 解密java中的字符串,在php使用AES加密 java php
    2015-04-13 10:23
    回答 1 已采纳 There are some problems with your code. Your key in Java is only 31 characters long and not 32.
  • php验证密码与确认密码一致,php – 从password_hash()确定salt
    2021-04-29 10:00
    良大师的博客 我用bcrypt哈希我的密码(因为我运行php 5.3.10,实际上是password_compat)我想将函数的结果字符串拆分为两部分:使用的盐和散列本身. (我知道使用password_verify()来验证密码.但是我需要使用哈希作为密钥来加密更...
  • 无法在PHP中将mcrypt升级为openssl解密 php
    2018-10-05 19:53
    回答 1 已采纳 The main issue here is the key size. You're creating the key with SHA256 which returns a 256 bit h
  • php使用mcrypt_create_iv php
    2012-02-25 18:40
    回答 3 已采纳 If you want to generate random numbers, use mt_rand: $random = mt_rand(0, 999999); If you want
  • 服务器上未启用PHP扩展名mcrypt php
    2017-02-04 21:53
    回答 2 已采纳 PHP doesn't compile mcrypt by default. you first have to have mcrypt installed You need to compi
  • php7的新特性
    2018-04-09 00:04
    D_Weirdo的博客 转载至 https://blog.csdn.net/h330531987/article/details/74364681PHP7 已经出来1年了,PHP7.1也即将和大家见面,这么多好的特性,好的方法,为什么不使用呢,也希望PHP越来越好。 在这里整理 PHP 5.1 ,PHP5.2,...
  • 使用AES 256 C#php加密和解密非常长的字符串 c# php
    2014-01-28 14:32
    回答 1 已采纳 You're using CBC-mode in PHP and ECB in C# so after the first block things will go wrong. You need
  • php7 新特性整理
    2017-07-04 23:58
    Houzhyan的博客 PHP7 已经出来1年了,PHP7.1也即将和大家见面,这么多好的特性,好的方法,为什么不使用呢,也希望PHP越来越好。  在这里整理 PHP 5.1 ,PHP5.2,PHP5.3,PHP5.4,PHP5.5,PHP5.6 ,PHP7,PHP7.1 所有新特性,已备大家...
  • PHP特性整合(PHP5.X到PHP7.1.x)
    2016-10-01 21:22
    风.foxwho的博客 1PHP7 已经出来1年了,PHP7.1也即将和大家见面,这么多好的特性,好的方法,为什么不使用呢,也希望PHP越来越好。 在这里整理 PHP 5.1 ,PHP5.2,PHP5.3,PHP5.4,PHP5.5,PHP5.6 ,PHP7,PHP7.1 所有新特性,已备大家学习...
  • PHP版本对比【转】
    2017-03-21 18:35
    weixin_30296405的博客 其他历史... php5.3 改动: 1、realpath() 现在是完全与平台无关的. 结果是非法的相对路径比如FILE.... 2、call_user_func() 系列函数即使被调用者是一个父类也使用 $this. 3、数组函数 natsort(), na...
  • 加密算法应用之密码保护
    2019-05-10 14:44
    bjspo的博客 将密钥包含到哈希字符串中,或使用密钥哈希算法HMAC。 加密:Hmac(“密钥”,“HASH值”) 使用建议: 1.大部分针对数据库的入侵都是由于SQL注入攻击,因此不要给攻击者进入本地文件系统的权限(禁止数据库服务...
  • PHP常用函数
    2019-09-29 12:23
    an4455的博客 开始使用 scrypt, bcrypt 或 PBKDF2 将一个字符串转换成一个密钥 # 密钥是 16 进制字符串格式 $key = pack ('H*', "bcb04b7e103a0cd8b54763051cef08bc55abe029fdebae5e1d417e2ffb2a00a3" ); # 显示 ...
  • 2020 PHP安全指南
    2019-09-13 14:51
    chongluo0179的博客 2019 年,大多数的科技工作者 — 尤其是 Web 开发者 — 必须摈弃掉关于开发安全 PHP 应用的老一套。这对那些不相信能够开发出安全的 PHP 应用的人来说尤其重要. 这篇指南应该作为 PHP: The Right Way 这本电子书...
  • 加盐密码哈希:如何正确使用
    2019-10-03 08:35
    baipai8449的博客 一个好的做法是使用和哈希函数输出的字符串等长的盐值,比如SHA256算法的输出是256bits(32 bytes),那么盐值也至少应该是32个随机字节。 错误二:两次哈希和组合哈希函数 (译注:此节标题原文中的Wacky Hash ...
  • 没有解决我的问题, 去提问

悬赏问题

  • ¥100 Jenkins自动化部署—悬赏100元
  • ¥15 关于#python#的问题:求帮写python代码
  • ¥20 MATLAB画图图形出现上下震荡的线条
  • ¥15 关于#windows#的问题:怎么用WIN 11系统的电脑 克隆WIN NT3.51-4.0系统的硬盘
  • ¥15 perl MISA分析p3_in脚本出错
  • ¥15 k8s部署jupyterlab,jupyterlab保存不了文件
  • ¥15 ubuntu虚拟机打包apk错误
  • ¥199 rust编程架构设计的方案 有偿
  • ¥15 回答4f系统的像差计算
  • ¥15 java如何提取出pdf里的文字?