|
|
| Re: C# RijndaelEnhanced decrypt with php mcrypt [message #174066 is a reply to message #174048] |
Fri, 20 May 2011 22:39   |
Michael Vilain
Messages: 88
Registered: September 2010
Karma: 0
|
Member |
|
|
In article <4dd63095$0$6547$9b4e6d93(at)newsspool4(dot)arcor-online(dot)net>,
Heiko GreenRover Henning <greenrover(at)arcor(dot)de> wrote:
> hi
>
> i have a C# .net app with i decompiled. This app uses for login password
> cryption:
> http://www.obviex.com/samples/Sample.aspx?Source=EncryptionWithSaltCS&T itle=En
> cryption%20With%20Salt&Lang=C%23
>
> C# Code
> rijndaelKey = new Krypto.RijndaelEnhanced(passPhrase, initVector);
> PlainPassword =
> DiverseVariablen.rijndaelKey.Decrypt(Conversions.ToString(row["ProjectKennwort
> "])))
>
>
> I have pass and iv.
>
> How can i decrypt the passwords in php? I tryted allready several
> variants of mcrypt_decrypt().
>
> Didt somene have a idea?
>
> Wha i dont understand is that the iv has 16 chars but it should be an
> 256b encryption with normaly depends a 32chars iv.
>
> I also allready tryed a http://phpseclib.sourceforge.net/ for decryption
> without any success.
> http://pastebin.com/SKPG7gR2
>
> Friendly regards and big thanks.
http://www.obviex.com/samples/EncryptionWithSalt.aspx
shows that the encryption code in C# is a "built-in" using the
Rijndael/AES symetrical encryption algorithm.
php has the crypt() function which is really a 1-way hashing algorithm.
You can encrypt text but cannot decrypt it. Checking for a valid match
involves taking the supplied password, text, and salt, running it
through the crypt() function and comparing the encrypted results. If
they match, then you have the right password. AFAIK, there's no
built-in implementation of the same sort of encryption as in the C#
implemntation.
My guess is you are going to have to modify the C# code to do a
php-compatible encryption. You probably won't find a php implementation
of the C# code unless you write it yourself.
--
DeeDee, don't press that button! DeeDee! NO! Dee...
[I filter all Goggle Groups posts, so any reply may be automatically ignored]
|
|
|
|
| Re: C# RijndaelEnhanced decrypt with php mcrypt [message #174104 is a reply to message #174066] |
Sat, 21 May 2011 21:06 |
Thomas 'PointedEars'
Messages: 701
Registered: October 2010
Karma: 0
|
Senior Member |
|
|
Michael Vilain wrote:
> Heiko GreenRover Henning <greenrover(at)arcor(dot)de> wrote:
>> i have a C# .net app with i decompiled. This app uses for login password
>> cryption:
>>
http://www.obviex.com/samples/Sample.aspx?Source=EncryptionWithSaltCS&T itle=En
>> cryption%20With%20Salt&Lang=C%23
>>
>> C# Code
>> rijndaelKey = new Krypto.RijndaelEnhanced(passPhrase, initVector);
>> PlainPassword =
>>
DiverseVariablen.rijndaelKey.Decrypt(Conversions.ToString(row["ProjectKennwort
>> "])))
>>
>>
>> I have pass and iv.
>>
>> How can i decrypt the passwords in php? I tryted allready several
>> variants of mcrypt_decrypt().
>>
>> Didt somene have a idea?
>>
>> Wha i dont understand is that the iv has 16 chars but it should be an
>> 256b encryption with normaly depends a 32chars iv.
>>
>> I also allready tryed a http://phpseclib.sourceforge.net/ for decryption
>> without any success.
>> http://pastebin.com/SKPG7gR2
This is Usenet, not the Web. Post your code *here*, preferably a reduced
test case.
>> Friendly regards and big thanks.
>
> http://www.obviex.com/samples/EncryptionWithSalt.aspx
>
> shows that the encryption code in C# is a "built-in" using the
> Rijndael/AES symetrical encryption algorithm.
>
> php has the crypt() function which is really a 1-way hashing algorithm.
> You can encrypt text but cannot decrypt it. Checking for a valid match
> involves taking the supplied password, text, and salt, running it
> through the crypt() function and comparing the encrypted results. If
> they match, then you have the right password. AFAIK, there's no
> built-in implementation of the same sort of encryption as in the C#
> implemntation.
>
> My guess is you are going to have to modify the C# code to do a
> php-compatible encryption. You probably won't find a php implementation
> of the C# code unless you write it yourself.
This is not about crypt(), but about _mcrypt_, and it is not about
encryption, but about _decryption_. PHP's mcrypt module, in particular its
mcrypt_decrypt() function, supports decrypting Rijndael-128, -192 and -256,
all of which are AFAIK part of the AES standard. So what are you talking
about?
<http://www.php.net/manual/en/mcrypt.ciphers.php>
PointedEars
--
Danny Goodman's books are out of date and teach practices that are
positively harmful for cross-browser scripting.
-- Richard Cornford, cljs, <cife6q$253$1$8300dec7(at)news(dot)demon(dot)co(dot)uk> (2004)
|
|
|
|
|
|
| Re: C# RijndaelEnhanced decrypt with php mcrypt [message #174156 is a reply to message #174153] |
Mon, 23 May 2011 17:35 |
Michael Vilain
Messages: 88
Registered: September 2010
Karma: 0
|
Member |
|
|
In article <ire4r2$fap$1(at)dont-email(dot)me>,
Trevor <trevorREMOVE(at)holyoak(dot)com> wrote:
> This is somewhat similar to a problem I faced last week. I ended up
> putting the functionality I needed into a custom assembly and then using
> this to call it from PHP: http://universalccw.sourceforge.net/
>
> - Trevor
>
> On 5/20/2011 3:12 AM, Heiko GreenRover Henning wrote:
>> hi
>>
>> i have a C# .net app with i decompiled. This app uses for login password
>> cryption:
>> http://www.obviex.com/samples/Sample.aspx?Source=EncryptionWithSaltCS&T itle=
>> Encryption%20With%20Salt&Lang=C%23
>>
>>
>> C# Code
>> rijndaelKey = new Krypto.RijndaelEnhanced(passPhrase, initVector);
>> PlainPassword =
>> DiverseVariablen.rijndaelKey.Decrypt(Conversions.ToString(row["ProjectKennwo
>> rt"])))
>>
>>
>>
>> I have pass and iv.
>>
>> How can i decrypt the passwords in php? I tryted allready several
>> variants of mcrypt_decrypt().
>>
>> Didt somene have a idea?
>>
>> Wha i dont understand is that the iv has 16 chars but it should be an
>> 256b encryption with normaly depends a 32chars iv.
>>
>> I also allready tryed a http://phpseclib.sourceforge.net/ for decryption
>> without any success.
>> http://pastebin.com/SKPG7gR2
>>
>> Friendly regards and big thanks.
>>
Yep.
--
DeeDee, don't press that button! DeeDee! NO! Dee...
[I filter all Goggle Groups posts, so any reply may be automatically ignored]
|
|
|
|
| Re: C# RijndaelEnhanced decrypt with php mcrypt [message #174173 is a reply to message #174104] |
Tue, 24 May 2011 10:58 |
Heiko GreenRover Henn
Messages: 2
Registered: May 2011
Karma: 0
|
Junior Member |
|
|
Am 21.05.2011 23:06, schrieb Thomas 'PointedEars' Lahn:
> This is not about crypt(), but about _mcrypt_, and it is not about
> encryption, but about _decryption_. PHP's mcrypt module, in particular its
> mcrypt_decrypt() function, supports decrypting Rijndael-128, -192 and -256,
> all of which are AFAIK part of the AES standard. So what are you talking
> about?
I try to decrypt or crypt the nter passweord to compare crypted strings.
But both dont work.
I treyed nearly all variants of mcrypt and phpseclib.
|
|
|
|
| Re: C# RijndaelEnhanced decrypt with php mcrypt [message #174179 is a reply to message #174173] |
Tue, 24 May 2011 21:29 |
Thomas 'PointedEars'
Messages: 701
Registered: October 2010
Karma: 0
|
Senior Member |
|
|
Heiko Henning wrote:
> Am 21.05.2011 23:06, schrieb Thomas 'PointedEars' Lahn:
>> This is not about crypt(), but about _mcrypt_, and it is not about
>> encryption, but about _decryption_. PHP's mcrypt module, in particular
>> its mcrypt_decrypt() function, supports decrypting Rijndael-128, -192 and
>> -256, all of which are AFAIK part of the AES standard. So what are you
>> talking about?
>
> I try to decrypt or crypt the nter passweord to compare crypted strings.
> But both dont work.
That's too bad.
> I treyed nearly all variants of mcrypt and phpseclib.
Try the remaining ones.
You might also want to consider posting to de.comp.lang.php instead.
[en] <http://www.catb.org/~esr/faqs/smart-questions.html>
[de] <http://www.tty1.net/smart-questions_de.html>
PointedEars
--
Anyone who slaps a 'this page is best viewed with Browser X' label on
a Web page appears to be yearning for the bad old days, before the Web,
when you had very little chance of reading a document written on another
computer, another word processor, or another network. -- Tim Berners-Lee
|
|
|
|
Calendar
Search
Help
Members
Register
Login
Home
]