[Bug] Crypt encrypt != decrypt #749
Comments
This is not a bug but a feature, as this is how the block ciphers work. When the size of the data to encrypt is not a multiple of the cipher's block size, the data are padded with binary zeros. So, in your case, you use a cipher with the block size of 256 bits (32 bytes), but strlen('kutuzov') is only 7 bytes. Therefore When the encrypted data are passed to While you may want to Hope that helps.
Thanks for the detailed answer. In this case, of course, it is not very nice for me to use rtrim. Why then do I use this service to encrypt the password? It is easier for me to use sha1 md5 salt.
This is probably how it should be implemented: http://www.php.net/manual/en/function.mcrypt-encrypt.php#105173 @phalcon if you think this solution is OK, I can prepare a pull request.
I would not encrypt passwords unless I plan to reuse them (i.e., need the cleartext password for some operation), I would hash them. SHA1/MD5 aren't safe these days; you may want to look at this and this.
Thanks, I will choose one of the solutions. I think it is possible to add one of them in the Phalcon Crypt in the future?
I'd recommend using blowfish for passwords: http://docs.phalconphp.com/en/latest/reference/security.html#password-hashing
I think it is not expected to remove the trailing zeros; developers that may need the complete padding will not be able to recover the padding if we remove it.
I use a security service for password encryption and it is working fine. $user->password = $this->security->hash($password);
@phalcon For 2.3.0 we probably can implement PKCS-7 padding, probably as separate methods. @bluntik http://www.php.net/security/crypt_blowfish.php
@sjinks right. Closing for now.
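The padding behaviour discussed in this thread, as an added example (not code from the thread or from Phalcon): zero padding with the rtrim workaround next to PKCS#7, using the 32-byte block size from the first comment. Only the padding step is shown, no cipher is involved; the function names and the second sample input are assumptions made for illustration.

```php
<?php
// Added example: padding helpers only, no cipher involved.
const BLOCK_SIZE = 32; // block size named in the thread (256 bits)

// Zero padding as described in the first comment: fill the last block with "\0".
function zeroPad(string $data, int $block = BLOCK_SIZE): string
{
    $rem = strlen($data) % $block;
    return $rem === 0 ? $data : $data . str_repeat("\0", $block - $rem);
}

// The rtrim workaround: strips every trailing NUL, including ones that were data.
function zeroUnpad(string $data): string
{
    return rtrim($data, "\0");
}

// PKCS#7: always append N bytes of value N (1 <= N <= block size).
function pkcs7Pad(string $data, int $block = BLOCK_SIZE): string
{
    $n = $block - (strlen($data) % $block);
    return $data . str_repeat(chr($n), $n);
}

// Returns the original data, or null when the padding is malformed.
function pkcs7Unpad(string $data, int $block = BLOCK_SIZE): ?string
{
    $len = strlen($data);
    if ($len === 0 || $len % $block !== 0) {
        return null;
    }
    $n = ord($data[$len - 1]);
    if ($n < 1 || $n > $block || substr($data, -$n) !== str_repeat(chr($n), $n)) {
        return null;
    }
    return substr($data, 0, $len - $n);
}

// Constructed sample inputs: the string from the thread, and binary data ending in NULs.
foreach (['kutuzov', "key\0\0"] as $plain) {
    $zero  = zeroUnpad(zeroPad($plain));
    $pkcs7 = pkcs7Unpad(pkcs7Pad($plain));
    printf("%-20s zero+rtrim: %-5s pkcs7: %s\n",
        json_encode($plain),
        $zero === $plain ? 'ok' : 'LOST',
        $pkcs7 === $plain ? 'ok' : 'LOST');
}
```

The text string survives both schemes; the input that ends in NUL bytes survives only PKCS#7, because the pad length is encoded in the padding itself rather than inferred from trailing zeros.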
that something strange happens when using the encryption service.