Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Web-App-Sec
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: What problem have this Rijndael(.NET&PHP) code?

from [Peter Conrad] Network Security [Permanent Link]
Subject: Re: What problem have this Rijndael(.NET&PHP) code?
Date: Fri, 15 Dec 2006 16:08:10 +0100 
Hi,

Am Freitag, 15. Dezember 2006 01:35 schrieb 김영일:

I want to decrypt data. but, Result data(decrypted data) don't same input
data.

What's problem?.  My code is a bottom.
* C#.NET Encrypt function

private string EncryptString(string InputText, string Password)
{

 RijndaelManaged RijndaelCipher = new RijndaelManaged();
 RijndaelCipher.Mode = CipherMode.ECB;

 byte[] PlainText = System.Text.Encoding.Unicode.GetBytes(InputText);

 byte[] Salt = Encoding.ASCII.GetBytes(Password.Length.ToString());
 PasswordDeriveBytes SecretKey = new PasswordDeriveBytes(Password, Salt);

  ICryptoTransform Encryptor =
RijndaelCipher.CreateEncryptor(SecretKey.GetBytes(32),
SecretKey.GetBytes(16)); MemoryStream memoryStream = new MemoryStream();
 CryptoStream cryptoStream = new CryptoStream(memoryStream, Encryptor,
CryptoStreamMode.Write); cryptoStream.Write(PlainText, 0,
PlainText.Length);
 cryptoStream.FlushFinalBlock();
 byte[] CipherBytes = memoryStream.ToArray();
 memoryStream.Close();
 cryptoStream.Close();

 string EncryptedData = Convert.ToBase64String(CipherBytes);
 return EncryptedData;
}



* PHP(mcrypt) Decrypt function

function decrypt($decrypt,$key) {
   $decoded = base64_decode($decrypt);
   $iv = mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256,
MCRYPT_MODE_ECB), strlen($key)); $decrypted =
mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, $decoded, MCRYPT_MODE_ECB, $iv);
return $decrypted;
}


I'm not familiar with C# and not very with PHP, but to me it looks
like you're using a different IV for decrypting than for encrypting.
That won't work.

Bye,
        Peter
-- 
Peter Conrad                        Tel: +49 6102 / 80 99 072
[ t]ivano Software GmbH             Fax: +49 6102 / 80 99 071
Bahnhofstr. 18                      http://www.tivano.de/
63263 Neu-Isenburg

Germany

-------------------------------------------------------------------------
Sponsored by: Watchfire

Today's hackers exploit web applications to expose, embarrass and even 
steal. Firewalls and SSL may be commonplace but recent studies indicate 3 
out of 4 websites remain vulnerable to attack. Watchfire's "Addressing 
Challenges in Application Security" whitepaper, explains what to do and 
provides a guideline to improving your own application security. 
Download this whitepaper today!

https://www.watchfire.com/securearea/whitepapers.aspx?id=701500000008YTU
--------------------------------------------------------------------------
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Ruining Security with java.util.Random, Jan P. Monsch
Next by Date:  Web Backdoor Compilation, David Kierznowski
Previous by Thread:  What problem have this Rijndael(.NET&PHP) code?, 김영일
Next by Thread:  Re: What problem have this Rijndael(.NET&PHP) code?, Scott C. Sanchez
Indexes:  [Date] [Thread] [Top] [All Lists]