Re: C# RijndaelEnhanced decrypt with php mcrypt [message #174104 is a reply to message #174066] |
Sat, 21 May 2011 21:06 |
Thomas 'PointedEars'
Messages: 701 Registered: October 2010
Karma:
|
Senior Member |
|
|
Michael Vilain wrote:
> Heiko GreenRover Henning <greenrover(at)arcor(dot)de> wrote:
>> i have a C# .net app with i decompiled. This app uses for login password
>> cryption:
>>
http://www.obviex.com/samples/Sample.aspx?Source=EncryptionWithSaltCS&T itle=En
>> cryption%20With%20Salt&Lang=C%23
>>
>> C# Code
>> rijndaelKey = new Krypto.RijndaelEnhanced(passPhrase, initVector);
>> PlainPassword =
>>
DiverseVariablen.rijndaelKey.Decrypt(Conversions.ToString(row["ProjectKennwort
>> "])))
>>
>>
>> I have pass and iv.
>>
>> How can i decrypt the passwords in php? I tryted allready several
>> variants of mcrypt_decrypt().
>>
>> Didt somene have a idea?
>>
>> Wha i dont understand is that the iv has 16 chars but it should be an
>> 256b encryption with normaly depends a 32chars iv.
>>
>> I also allready tryed a http://phpseclib.sourceforge.net/ for decryption
>> without any success.
>> http://pastebin.com/SKPG7gR2
This is Usenet, not the Web. Post your code *here*, preferably a reduced
test case.
>> Friendly regards and big thanks.
>
> http://www.obviex.com/samples/EncryptionWithSalt.aspx
>
> shows that the encryption code in C# is a "built-in" using the
> Rijndael/AES symetrical encryption algorithm.
>
> php has the crypt() function which is really a 1-way hashing algorithm.
> You can encrypt text but cannot decrypt it. Checking for a valid match
> involves taking the supplied password, text, and salt, running it
> through the crypt() function and comparing the encrypted results. If
> they match, then you have the right password. AFAIK, there's no
> built-in implementation of the same sort of encryption as in the C#
> implemntation.
>
> My guess is you are going to have to modify the C# code to do a
> php-compatible encryption. You probably won't find a php implementation
> of the C# code unless you write it yourself.
This is not about crypt(), but about _mcrypt_, and it is not about
encryption, but about _decryption_. PHP's mcrypt module, in particular its
mcrypt_decrypt() function, supports decrypting Rijndael-128, -192 and -256,
all of which are AFAIK part of the AES standard. So what are you talking
about?
<http://www.php.net/manual/en/mcrypt.ciphers.php>
PointedEars
--
Danny Goodman's books are out of date and teach practices that are
positively harmful for cross-browser scripting.
-- Richard Cornford, cljs, <cife6q$253$1$8300dec7(at)news(dot)demon(dot)co(dot)uk> (2004)
|
|
|