

Staff Alumni

xyph last won the day on August 24 2013


About xyph

  • Birthday 10/19/1986

Profile Information

  • Location
    Surrey, BC

xyph's Achievements

Advanced Member (4/5)



  1. Seems like one of the implementations is different. That would be my only guess. Perhaps one of them uses a different number of rounds, one uses ECB instead of CBC. Figuring out what's going on here would require a thorough look at both implementations compared to the 'proper' implementation, and would be quite a bit of work.
  2. Sorry, I didn't mean the encrypted string, I meant plain text, but it's impossible for me to recreate your situation anyways. What code produced that HEX output?
  3. Can you provide the strings you're testing this with? If you're using the JavaScript program along with this, it really doesn't like odd ASCII characters for the key. The PHP implementation functions as you'd expect. I'd imagine it's some sort of injection prevention that's screwing with the JavaScript implementation. Try using keys that only use Alpha-Numeric values, and see if that helps.
  4. Complex, but potentially 'better'. Limited to 6 bits of entropy per potential 8 bits due to simplifying with base64, so you lose 25%.

     <?php
     $key = make_base64_key(16);
     echo $key;

     function make_base64_key( $bytes ) {
         // Based on methods implemented in PHPass by Openwall
         // Converts byte size we want in ASCII to byte size needed in base64 ( 6 bits / 8 bits = .75 )
         $base64_bytes = (int) ceil($bytes * .75);
         // Generate a 'somewhat random' state. Not ideal, but strong enough for salt generation when used in this way
         $state = microtime();
         $raw = '';
         // Attempt to use /dev/urandom
         if (is_readable('/dev/urandom') && ($fh = @fopen('/dev/urandom', 'rb'))) {
             $raw = fread($fh, $base64_bytes);
             fclose($fh);
         }
         // Check if using /dev/urandom produced incorrect results, or if it's inaccessible
         if (strlen($raw) < $base64_bytes) {
             // Reset $raw to blank
             $raw = '';
             // Generate 'somewhat random' data in 16 byte chunks, and truncate at the end
             for ($i = 0; $i < $base64_bytes; $i += 16) {
                 $state = md5(microtime().$state);
                 $raw .= pack('H*', $state);
             }
             $raw = substr($raw, 0, $base64_bytes);
         }
         // Chop off the extra bytes we don't need
         return substr(base64_encode($raw),0,$bytes);
     }
     ?>

     Simple, similar to above example if /dev/urandom isn't available. This one allows you to have a variable character set too.

     <?php
     $chars = '0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz!@#$%^&*()_+-=[]{};:,./<>?';
     $max = strlen($chars)-1;
     $key = '';
     // mt_rand() is a general-purpose PRNG, not a cryptographically secure one
     for( $i = 0; $i < 16; $i++ ) {
         $key .= $chars[mt_rand(0,$max)];
     }
     echo $key.'<br>';
     ?>

     It's possible to get /dev/urandom to produce values based on a variable character set, but you'd either have to use a base2 number of characters, or deal with rejection sampling or one of its more complex adaptive algorithms.
  5. Yes, there's going to be some odd characters when switching from hex directly to ASCII. There are a lot of white space and otherwise non-keyboard characters. If you want to generate your key from readable text, I'll give you a little code when I get home in an hour or so. Which version of PHP do you have? On what OS? If you have access to /dev/urandom it would be ideal, or if you have PHP 5.3, it supports Windows' source of random data (via mcrypt). This is all assuming you want to generate random keys.
  6. I showed you already, in my first reply. It's the same as converting to base64, only you skip the last step.

     $hex = '28d75A09ec63cxvxve870fad25e79b8c';
     $ascii = '';
     foreach( str_split($hex,2) as $chunk )
         $ascii .= chr(hexdec($chunk));
     $xtea = new XTEA($ascii);
  7. [edit] Tested the class. The values decrypt fine when plugged in to the JavaScript implementation, and vice-versa. It still throws the undefined variable notice, though. [/edit]

     Your top string is hex, or base16. Your bottom string is base64.

     <?php
     $hex_string = 'B09F4FB46AD4418E51E4E09C6C11AA3A36628FBD1CC2D8AF6AD3F01467CA3910231CA851D639402758D57D49CC7D12EF8C7B215B4B50A2C8FF97A29EEEA5F575F7A8628BDB39776747E244FE5B69D8CD63A4DC805360F0CB4B894CA86B56E89099B547FEA38D16A90203FF6D6E4C64B6CA7B2B33184046E7E8646A302F636FA349C3EEF8C45C3A7443030255292B31AA22CD3A45E7722D706F31EBD7CEB0B6ED5BC160EB1CD62FAE36E845E7857C9D203430578A3C3DEBAC808F0BED62C8DF20292A5B145FA991C5';
     $ascii_string = '';
     foreach( str_split($hex_string,2) as $chunk )
         $ascii_string .= chr(hexdec($chunk));
     $base64_string = base64_encode($ascii_string);
     echo $base64_string;
     ?>
  8. In hex, 32 "characters" = 128 bits. So if your characters are only 0-9,a-f, you've got a 128 bit HEX string. To convert this to 16 characters:

     <?php
     $hex_string = md5('some string');
     echo "Source HEX string: $hex_string<br> Size: ".strlen($hex_string)."<br>";
     $ascii_string = '';
     foreach( str_split($hex_string,2) as $chunk )
         $ascii_string .= chr(hexdec($chunk));
     echo "Converted to ASCII: $ascii_string<br> Size: ".strlen($ascii_string)."<br>";
     echo "Confirm: ".hash('md5','some string',TRUE);
     ?>

     This isn't a good place to ask for advice on home-brew cryptographic implementations. Most PHP devs would use mcrypt(), and usually through a wrapper. I would suggest using AES, Twofish, TripleDES, etc via mcrypt() for PHP. Most languages should have implementations of those ciphers in a package.
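
Added example, not part of xyph's posts or of the XTEA class discussed in the thread: the rejection sampling mentioned in post 4 and a strict version of the hex-to-key conversion from posts 6 to 8. The function names key_from_hex() and random_key_from_charset() are hypothetical, and the code assumes PHP 7+ for random_bytes().

```php
<?php
// Added example, not from the original posts. random_bytes() needs PHP 7+.

// Strict hex decoding: the str_split()/hexdec() loop quoted above ignores
// non-hex characters, so a mistyped key is accepted with weakened bytes.
function key_from_hex(string $hex, int $bytes = 16): string
{
    if (strlen($hex) !== $bytes * 2 || !ctype_xdigit($hex)) {
        throw new InvalidArgumentException('expected ' . ($bytes * 2) . ' hex digits');
    }
    return hex2bin($hex);
}

// Uniform pick from an arbitrary character set by rejection sampling.
function random_key_from_charset(string $chars, int $length = 16): string
{
    $n = strlen($chars);
    if ($n < 2 || $n > 256) {
        throw new InvalidArgumentException('charset must hold 2..256 single-byte characters');
    }
    // Largest multiple of $n that fits in one byte. Bytes at or above it
    // would make the first characters of $chars more likely (modulo bias).
    $limit = 256 - (256 % $n);
    $key = '';
    while (strlen($key) < $length) {
        foreach (unpack('C*', random_bytes($length * 2)) as $byte) {
            if ($byte >= $limit) {
                continue; // rejected: use the next byte instead of wrapping
            }
            $key .= $chars[$byte % $n];
            if (strlen($key) === $length) {
                break;
            }
        }
    }
    return $key;
}

// Character set from post 4; each character must appear only once.
$chars = '0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz!@#$%^&*()_+-=[]{};:,./<>?';
echo random_key_from_charset($chars), "\n";
echo strlen(key_from_hex(md5('some string'))), " raw key bytes\n";
try {
    key_from_hex('28d75A09ec63cxvxve870fad25e79b8c'); // key string from post 6
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```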