3

I'm trying to encrypt a string using symmetric key encryption (blowfish) with PHP 5.2.9 (on a 32-bit Linux OS) and using phpseclib 1.0.3 (running in internal mode), the sample code I'm using it's pretty simple:

include('Crypt/Blowfish.php');

$cipher = new Crypt_Blowfish();
$data = 'abcdefghijk';

$cipher->setKey('abcdef0123456789abcdefghi9876543');

echo bin2hex($cipher->encrypt($data));

the generated output is (PHP 5.2.9 - 32-bit Linux OS):

0e1651fc54dd530757fc1711b696dac5

But I've tried the same code with other servers (PHP 7.07, PHP 5.3.3, PHP 5.0.4) and ALL of them generate this (all of them are 64-bit Linux OS):

ad7145c675b1c914bbfe379dc7293bf3

I suppose that the PHP 5.2.9 output is wrong. What could be the cause of this? Any clues?

Nibble
  • 101
  • 6
  • Ok, looks like a problem with this instruction on line 439 of "Crypt/Blowfish.php": `$this->bctx['p'][] = $this->parray[$i] ^ $data`. Apparently this XOR bitwise operator (^) return different results depending on the values and the type of OS (32Bit or 64Bit). For example, this code: `$a=2242054355; $b=1701195825; $result = $a ^ $b; echo $result;` Returns -523945758 on 32-bit systems or returns 3771021538 on 64-bit systems. So looks like the problem is related to the type of OS and not the version of PHP (I'll edit the title later). – Nibble Sep 22 '16 at 13:18
  • See, also, https://github.com/phpseclib/phpseclib/issues/1038 – neubert Sep 23 '16 at 18:03
  • wow it works like a charm . thank you –  Sep 28 '16 at 07:38

1 Answers1

2

It was a problem related to float to int conversions on 32-bit Linux pre-PHP 5.3. Developers of phpseclib fixed the issue on version 1.0.4 & 2.0.4

Nibble
  • 101
  • 6