
Php && Blowfish Encryption


#1 RobertP


Posted 07 December 2012 - 12:34 AM

I am just curious, is this the correct way to implement blowfish encryption?

class:
<?php

/*
 * @package "Gludoe CMS"
 * @version 1.0.1
 * @authors "Robert Pettet"
 * @support https://www.gludoe.com/
 * @licence https://www.gludoe.com/commons/licence-1.0.0.txt
 */

if (!defined('_ROOT'))
    exit(header($_SERVER['SERVER_PROTOCOL'] . ' 404 Not Found'));

class Blowfish {

    private $key;
    private $iv;

    public function __construct($key, $iv) {
        $this->key = $key;
        $this->iv = $iv;
    }

    public function encrypt($data) {
        return mcrypt_encrypt(MCRYPT_BLOWFISH, $this->key, $data, MCRYPT_MODE_CBC, $this->iv);
    }

    public function decrypt($data) {
        return mcrypt_decrypt(MCRYPT_BLOWFISH, $this->key, $data, MCRYPT_MODE_CBC, $this->iv);
    }

}

?>

example:
$blowfish = new blowfish('DfRgBWE4Y4T7UgTWEdFP1Y','85440934');
$data = $blowfish->encrypt('testString');
echo $blowfish->decrypt($data);
//Output: testString

u tha king Pikachu2000!!

#2 RobertP


Posted 07 December 2012 - 07:42 PM

Just wondering if anyone has used Blowfish in PHP, not as a hash, but for encryption and decryption, like my above example (which is working, but I would like some feedback).

This is used to communicate over HTTPS from my server / clients, and if my clients are using a shared / insecure server, I need to know that information can remain intact.
u tha king Pikachu2000!!

#3 thehippy


Posted 10 December 2012 - 04:23 AM

Bruce Schneier has some test vectors for the algorithm on his site. You could write some tests to verify your usage. Whenever docs are not explaining how to use a function, it's best to download the source and view the tests, and those will show you how to use it. The mcrypt extension tests actually use Schneier's vectors. See ./php-5.4.9-src/ext/mcrypt/tests/blowfish.phpt

As for transmitting and receiving data, just make sure to keep an eye on encoding; the web stack tends to be loose and wild with it, that is character encoding, server-side gzip and so on. You may want to put in checks to make sure outdated versions of SSL/TLS are not being used. As for communicating with a shared server, you may want to include checks on where you put your data: make sure the file or database doesn't have shared or group read permissions, make sure not to use temporary directories as they can be shared locations, use a secure network connection to the database, et cetera.

Trust but verify.
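
One way to write the tests suggested above, as an added example that is not part of the original thread or of the PHP source: it checks mcrypt's Blowfish against three single-block ECB vectors, then round-trips the CBC call from post #1. The function names are hypothetical, and the vector values are transcribed from Schneier's published list, so confirm them against that list.

```php
<?php
// Added example, not from the thread. Requires the mcrypt extension (PHP 5.x).
if (!function_exists('mcrypt_encrypt')) {
    exit("mcrypt extension is not loaded\n");
}

// Single-block ECB known-answer vectors: key, plaintext, ciphertext (hex).
// Transcribed from Schneier's published list; compare against that list or
// ext/mcrypt/tests/blowfish.phpt before relying on them.
$vectors = array(
    array('0000000000000000', '0000000000000000', '4EF997456198DD78'),
    array('FFFFFFFFFFFFFFFF', 'FFFFFFFFFFFFFFFF', '51866FD5B85ECB8A'),
    array('3000000000000000', '1000000000000001', '7D856F9A613063F2'),
);

// Returns the hex keys of every vector that fails in either direction.
function blowfish_kat_failures(array $vectors) {
    $failed = array();
    foreach ($vectors as $v) {
        list($key, $pt, $ct) = array_map('hex2bin', $v);
        $enc = mcrypt_encrypt(MCRYPT_BLOWFISH, $key, $pt, MCRYPT_MODE_ECB);
        $dec = mcrypt_decrypt(MCRYPT_BLOWFISH, $key, $ct, MCRYPT_MODE_ECB);
        if ($enc !== $ct || $dec !== $pt) {
            $failed[] = $v[0];
        }
    }
    return $failed;
}

// Round trip through CBC with the same call shape as the class in post #1.
// mcrypt pads the last block with NUL bytes and does not strip them on decrypt,
// so an exact comparison and a NUL-trimmed comparison are reported separately.
function cbc_round_trip($key, $iv, $data) {
    $ct = mcrypt_encrypt(MCRYPT_BLOWFISH, $key, $data, MCRYPT_MODE_CBC, $iv);
    $pt = mcrypt_decrypt(MCRYPT_BLOWFISH, $key, $ct, MCRYPT_MODE_CBC, $iv);
    return array(
        'ciphertext_len' => strlen($ct),
        'exact_match'    => $pt === $data,
        'trimmed_match'  => rtrim($pt, "\0") === $data,
    );
}

$failed = blowfish_kat_failures($vectors);
echo $failed ? 'KAT failed for keys: ' . implode(', ', $failed) . "\n" : "KAT passed\n";

// Key and IV are the sample values from the example in post #1.
$r = cbc_round_trip('DfRgBWE4Y4T7UgTWEdFP1Y', '85440934', 'testString');
printf("CBC: %d ciphertext bytes, exact=%s, trimmed=%s\n",
    $r['ciphertext_len'], var_export($r['exact_match'], true), var_export($r['trimmed_match'], true));
```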



