Posted by Colin McKinnon on 06/08/05 11:32

BKDotCom wrote:

> I'm writing an app that will use blowfish encryption..
> PHP's mcrypt will be used if available.
> if not, I'll use PHPmyadmin's blowfish.php library.
> The problem is I can't figure out what initialization vector
> blowfish.php is useing (or if that's even my problem).
>
> ie, if I encrypt with blowfish.php and decrypt with mcrypt:
>
> /* include path to phpmyadmin '/libraries/blowfish.php'; */
> $secret = 'secret';
> $string = 'test string';
> $iv = blah;
> $encrypted = PMA_blowfish_encrypt($string,$secret);
> $decrypted =
>
trim(mcrypt_decrypt(MCRYPT_BLOWFISH,$secret,base64_decode($encrypted),MCRYPT_MODE_CBC,$iv));
> echo $decrypted;
>
> will output something like
> test strÙÚE¦ô<qÕ
>
> Anyhow, how do I make these two interchangeable?

Last time I played around with PHP mcrypt to any extenet I found that the
mcrypt functions were returning C type strings (terminated by '\0') for the
decryption.

Only getting partial output suggests that it may be a string termination
issue somewhere, but you're getting the key right.

I must admit to being rather in the dark regards IVs, but if you're not
supplying one to PMA_Blowfish_encrypt() why do you need one for
mcrypt_decrypt()? (it's optional anyway for CBC). Bearing in mind the issue
regarding C strings and the recommended use of mcrypt_enc_get_iv_size(),
I'd suggest that it is not only advisable to avoid using it for now, it may
even be the source of the error.

HTH

C.

[Back to original message]