[WEB SECURITY] Re: What problem have this Rijndael(.NET&PHP) code?

Peter Conrad conrad at tivano.de
Fri Dec 15 10:08:10 EST 2006


Hi,

On Friday, 15 December 2006 01:35, 김영일 wrote:
> I want to decrypt data, but the result data (decrypted data) is not the same
> as the input data.
>
> What's the problem? My code is at the bottom.
> * C#.NET Encrypt function
>
> private string EncryptString(string InputText, string Password)
> {
>
>  RijndaelManaged RijndaelCipher = new RijndaelManaged();
>  RijndaelCipher.Mode = CipherMode.ECB;
>
>  byte[] PlainText = System.Text.Encoding.Unicode.GetBytes(InputText);
>
>  byte[] Salt = Encoding.ASCII.GetBytes(Password.Length.ToString());
>  PasswordDeriveBytes SecretKey = new PasswordDeriveBytes(Password, Salt);
>
>  ICryptoTransform Encryptor = RijndaelCipher.CreateEncryptor(SecretKey.GetBytes(32), SecretKey.GetBytes(16));
>  MemoryStream memoryStream = new MemoryStream();
>  CryptoStream cryptoStream = new CryptoStream(memoryStream, Encryptor, CryptoStreamMode.Write);
>  cryptoStream.Write(PlainText, 0, PlainText.Length);
>  cryptoStream.FlushFinalBlock();
>  byte[] CipherBytes = memoryStream.ToArray();
>  memoryStream.Close();
>  cryptoStream.Close();
>
>  string EncryptedData = Convert.ToBase64String(CipherBytes);
>  return EncryptedData;
> }
>
>
>
> * PHP(mcrypt) Decrypt function
>
> function decrypt($decrypt,$key) {
>    $decoded = base64_decode($decrypt);
>    $iv = mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB), strlen($key));
>    $decrypted = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, $decoded, MCRYPT_MODE_ECB, $iv);
>    return $decrypted;
> }

I'm not familiar with C# and not very familiar with PHP, but to me it looks
like you're using a different IV for decrypting than for encrypting.
That won't work.

Bye,
	Peter
-- 
Peter Conrad                        Tel: +49 6102 / 80 99 072
[ t]ivano Software GmbH             Fax: +49 6102 / 80 99 071
Bahnhofstr. 18                      http://www.tivano.de/
63263 Neu-Isenburg

Germany

----------------------------------------------------------------------------
The Web Security Mailing List: 
http://www.webappsec.org/lists/websecurity/

The Web Security Mailing List Archives: 
http://www.webappsec.org/lists/websecurity/archive/
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]


