加密/散列问题
我正在编写一个小脚本,它允许我在 cookie 中存储相对安全的信息,以在不使用会话的情况下验证用户登录。输出的一部分是加密盐,在生成 hmac_hash 时使用,其中包含存储在 cookie 中的一些信息以及数据库中的一些用户信息。
然而,经过一些测试,我遇到了字符串加密/解密的问题并导致不同的哈希结果。
即:
$str = '123456abcdef';
$hash1 = sha1($str);
$v1 = do_encrypt($str);
$v2 = do_decrypt($v1);
$hash2 = sha1($v2);
我最终得到
$hash1 - d4fbef92af33c1789d9130384a56737d181cc6df
$hash2 - 0d6034f417c2cfe1d60d263101dc0f8354a1216f
但是当我回显两个字符串时,它们都是 123456abcdef。
do_encrypt 函数如下:
function do_encrypt($value) {
$salt = generate_salt();
$td = mcrypt_module_open('rijndael-256', '', 'cbc', '');
mcrypt_generic_init($td, $ek, $salt);
$encrypted_data = mcrypt_generic($td, $value);
mcrypt_generic_deinit($td);
mcrypt_module_close($td);
return base64_encode($salt.$encrypted_data);
}
do_decrypt 函数:
function do_decrypt($value) {
$data = base64_decode($value);
$salt = substr($data, 0, 32);
$data = substr($data, 32, strlen($data));
$td = mcrypt_module_open('rijndael-256', '', 'cbc', '');
mcrypt_generic_init($td, $ek, $salt);
$decrypted_data = mdecrypt_generic($td, $data);
mcrypt_generic_deinit($td);
mcrypt_module_close($td);
return $decrypted_data;
}
对于这两个函数,$ek 是从另一个文件中提取的加密密钥。
我试图理解为什么显示的字符相同,但实际变量不同(否则哈希结果将相同),有什么方法可以确保两个字符串对于哈希目的相同?
谢谢, 瑞安.
I'm working on a little script that will allow me to store relatively secure information in a cookie to validate a user login without the use of sessions. Part of the output is an encrypted salt to use when generating a hmac_hash with some of the information stored in the cookie, and some of the user information in the database.
However, after some testing, I've ran into a problem with the encryption/decryption of the strings and causing different hash results.
ie:
$str = '123456abcdef';
$hash1 = sha1($str);
$v1 = do_encrypt($str);
$v2 = do_decrypt($v1);
$hash2 = sha1($v2);
and I end up with
$hash1 - d4fbef92af33c1789d9130384a56737d181cc6df
$hash2 - 0d6034f417c2cfe1d60d263101dc0f8354a1216f
but when I echo both strings, they are both 123456abcdef.
The do_encrypt function is as follows:
function do_encrypt($value) {
$salt = generate_salt();
$td = mcrypt_module_open('rijndael-256', '', 'cbc', '');
mcrypt_generic_init($td, $ek, $salt);
$encrypted_data = mcrypt_generic($td, $value);
mcrypt_generic_deinit($td);
mcrypt_module_close($td);
return base64_encode($salt.$encrypted_data);
}
The do_decrypt function:
function do_decrypt($value) {
$data = base64_decode($value);
$salt = substr($data, 0, 32);
$data = substr($data, 32, strlen($data));
$td = mcrypt_module_open('rijndael-256', '', 'cbc', '');
mcrypt_generic_init($td, $ek, $salt);
$decrypted_data = mdecrypt_generic($td, $data);
mcrypt_generic_deinit($td);
mcrypt_module_close($td);
return $decrypted_data;
}
for both functions $ek is an encryption key pulled from another file.
I'm trying to understand why the characters that display are the same, but the actual variables are different (otherwise the hash results would be the same), and is there any way to ensure that both strings are identical for hashing purposes?
Thanks,
Ryan.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
根据评论,看起来您得到了尾随空值 - mcrypt 的块大小很可能为 32 字节,并且任何加密/解密的字符串都必须是这么多字节的倍数。
取自
mcrypt_encrypt文档:As per comments, it looks like you are getting trailing nulls - It's likely that mcrypt has a block size of 32 bytes and that any encrypted/decrypted string must be a multiple of this many bytes.
Taken from the
mcrypt_encryptdocumentation: