2

我的加密/解密结果完全令人困惑。我有两个不同的字符串需要编码和稍后解码,加密的字符串存储在两者之间的 MySQL 数据库中。这些字符串中的第一个出来就好了。但是,第二个总是从解密中返回值 FALSE。我已经去掉了所有非必要因素,并直接将“test”的明文值传递给两个加密例程。同样,第一个正确返回(作为“测试”),第二个返回为“假”)。

我正用头撞墙,试图弄清楚我做错了什么。我在两个文件中使用相同的密码和相同的盐。怎么可能一个会起作用,而第二个不会呢???

一条线索:如果我把这段代码放到一个单独的 php 文件中并绕过数据库,一切正常。不知道该怎么做,但至少它很有趣。

这是代码。加密/解密例程来自 php 站点上用于 mcrypt 的用户帖子。任何人都可以看到吗?这可能是一件愚蠢的事情。

设置值.php

$encrypted_email_pw = encrypt("test", $password);
$encrypted_default_pw = encrypt("test", $password);

$sql = "UPDATE Settings 
        SET email_password='$encrypted_email_pw', 
            default_pw='$encrypted_default_pw'
        WHERE id='$id'";
$result = mysql_query($sql);

获取值.php

$sql = "SELECT * FROM Settings";
$result = mysql_query($sql);
$row = mysql_fetch_array($result); //there is only one row in this table

$decrypted_email_pw = decrypt($row['email_password'], $password);
$decrypted_default_pw = decrypt($row['default_pw'], $password);

echo $decrypted_email_pw . " | " . $decrypted_default_pw;
//output:  test | false
die();

密码.php

<?php

    function encrypt($decrypted, $password, $salt='6rVDB?zKe6batB+k') { 

        // Build a 256-bit $key which is a SHA256 hash of $salt and $password.
        $key = hash('SHA256', $salt . $password, true);

        // Build $iv and $iv_base64.  
        // We use a block size of 128 bits (AES compliant) and CBC mode.  
        // (Note: ECB mode is inadequate as IV is not used.)
        srand(); $iv = mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC), MCRYPT_RAND);
        if (strlen($iv_base64 = rtrim(base64_encode($iv), '=')) != 22) return false;

        // Encrypt $decrypted and an MD5 of $decrypted using $key.  
        // MD5 is fine to use here because it's just to verify successful decryption.
        $encrypted = base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $key, $decrypted . md5($decrypted), MCRYPT_MODE_CBC, $iv));

        // We're done!
        return $iv_base64 . $encrypted;
    } 

    function decrypt($encrypted, $password, $salt='6rVDB?zKe6batB+k') {

        // Build a 256-bit $key which is a SHA256 hash of $salt and $password.
        $key = hash('SHA256', $salt . $password, true);

        // Retrieve $iv which is the first 22 characters plus ==, base64_decoded.
        $iv = base64_decode(substr($encrypted, 0, 22) . '==');

        // Remove $iv from $encrypted.
        $encrypted = substr($encrypted, 22);

        // Decrypt the data.  
        // rtrim won't corrupt the data because the last 32 characters are the md5 hash; 
        // thus any \0 character has to be padding.
        $decrypted = rtrim(mcrypt_decrypt(MCRYPT_RIJNDAEL_128, $key, base64_decode($encrypted), MCRYPT_MODE_CBC, $iv), "\0\4");

        // Retrieve $hash which is the last 32 characters of $decrypted.
        $hash = substr($decrypted, -32);

        // Remove the last 32 characters from $decrypted.
        $decrypted = substr($decrypted, 0, -32);

        // Integrity check.  If this fails, either the data is corrupted, or the password/salt was incorrect.
        if (md5($decrypted) != $hash) return false;

        return $decrypted;
    }

?>
4

1 回答 1

2

您是否检查了设置表中的两列?它们是否具有相同的数据类型?你确定 encrypt() 和 decrypt() 方法工作正常吗?

完成这项工作后,您应该考虑为每个密码使用随机生成的盐,并将盐与密码一起存储在表中。

于 2013-08-13T20:20:03.280 回答