WebApp Sec mailing list archives

Re: What problem have this Rijndael(.NET&PHP) code?


From: Peter Conrad <conrad () tivano de>
Date: Fri, 15 Dec 2006 16:08:10 +0100

Hi,

On Friday, 15 December 2006 01:35, 김영일 wrote:
I want to decrypt data, but the result data (decrypted data) is not the same
as the input data.

What's the problem? My code is at the bottom.
* C#.NET Encrypt function

private string EncryptString(string InputText, string Password)
{

 RijndaelManaged RijndaelCipher = new RijndaelManaged();
 RijndaelCipher.Mode = CipherMode.ECB;

 byte[] PlainText = System.Text.Encoding.Unicode.GetBytes(InputText);

 byte[] Salt = Encoding.ASCII.GetBytes(Password.Length.ToString());
 PasswordDeriveBytes SecretKey = new PasswordDeriveBytes(Password, Salt);

 ICryptoTransform Encryptor = RijndaelCipher.CreateEncryptor(SecretKey.GetBytes(32), SecretKey.GetBytes(16));
 MemoryStream memoryStream = new MemoryStream();
 CryptoStream cryptoStream = new CryptoStream(memoryStream, Encryptor, CryptoStreamMode.Write);
 cryptoStream.Write(PlainText, 0, PlainText.Length);
 cryptoStream.FlushFinalBlock();
 byte[] CipherBytes = memoryStream.ToArray();
 memoryStream.Close();
 cryptoStream.Close();

 string EncryptedData = Convert.ToBase64String(CipherBytes);
 return EncryptedData;
}



* PHP(mcrypt) Decrypt function

function decrypt($decrypt,$key) {
   $decoded = base64_decode($decrypt);
   $iv = mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB), strlen($key));
   $decrypted = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, $decoded, MCRYPT_MODE_ECB, $iv);
   return $decrypted;
}

I'm not familiar with C# and not very with PHP, but to me it looks
like you're using a different IV for decrypting than for encrypting.
That won't work.

Bye,
        Peter
-- 
Peter Conrad                        Tel: +49 6102 / 80 99 072
[ t]ivano Software GmbH             Fax: +49 6102 / 80 99 071
Bahnhofstr. 18                      http://www.tivano.de/
63263 Neu-Isenburg

Germany
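
Added example, not part of the original message or the poster's code: a PHP decrypt whose parameters mirror the C# EncryptString quoted above (128-bit block, 256-bit key, ECB, PKCS7 padding, UTF-16LE text). The function name, the sample key and the assumption that the 32 derived key bytes are exported from the .NET side are mine; it needs the openssl and mbstring extensions.

```php
<?php
// Added example; the function name and sample values are hypothetical/constructed.
//
// $derivedKey: the 32 raw bytes SecretKey.GetBytes(32) yields on the .NET side
// (assumption: exported from there; PasswordDeriveBytes is not reimplemented here).
function decrypt_dotnet_ecb(string $b64, string $derivedKey): string
{
    if (strlen($derivedKey) !== 32) {
        throw new InvalidArgumentException('need the 32 derived key bytes, not the password');
    }
    $cipherBytes = base64_decode($b64, true);
    // RijndaelManaged defaults to a 128-bit block: expect whole 16-byte blocks.
    if ($cipherBytes === false || $cipherBytes === '' || strlen($cipherBytes) % 16 !== 0) {
        throw new InvalidArgumentException('not Base64 of whole 16-byte blocks');
    }
    // aes-256-ecb is Rijndael with a 128-bit block and a 256-bit key; ECB takes no IV.
    // Without OPENSSL_ZERO_PADDING, OpenSSL checks and strips the PKCS7 padding
    // that RijndaelManaged applies by default.
    $utf16 = openssl_decrypt($cipherBytes, 'aes-256-ecb', $derivedKey, OPENSSL_RAW_DATA);
    if ($utf16 === false) {
        throw new RuntimeException('decrypt failed: wrong key or corrupt data');
    }
    // Encoding.Unicode in .NET is UTF-16LE.
    return mb_convert_encoding($utf16, 'UTF-8', 'UTF-16LE');
}

// Constructed sample standing in for the C# side: same block size, mode,
// padding and text encoding, with a constructed 32-byte key.
$key   = hash('sha256', 'constructed demo key', true);
$plain = "caf\u{e9} 123";
$b64   = base64_encode(openssl_encrypt(
    mb_convert_encoding($plain, 'UTF-16LE', 'UTF-8'),
    'aes-256-ecb', $key, OPENSSL_RAW_DATA
));

echo decrypt_dotnet_ecb($b64, $key) === $plain ? "round trip ok\n" : "mismatch\n";

// Passing the password itself instead of the derived key is rejected up front.
try {
    decrypt_dotnet_ecb($b64, 'password');
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```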
