php mcrypt_decrypt() issue

Question

I'm passing information from one page another with following php code..

Index.php page:

<?php
include("secure/content/database/db.php");
$sql = mysql_query("SELECT * FROM press");
while($re =  mysql_fetch_array($sql))
{   


$id= (int) $re['id'];                   

$key = "bladeyeshibbir?1%59";

$size = mcrypt_get_iv_size(MCRYPT_CAST_256, MCRYPT_MODE_CFB);
$iv = mcrypt_create_iv($size, MCRYPT_DEV_RANDOM)       

$encrypted_data=mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $key, $id, MCRYPT_MODE_ECB, $iv);

$id = urlencode(base64_encode($encrypted_data));

$page = mysql_real_escape_string(trim($re['pagename']));
$content = mysql_real_escape_string(trim($re['content']));
echo "<li><a href='press.php?id=$id&request=$md'>$page</a></li>";
            }

            ?>

Press.php page

<?php
include("secure/content/database/db.php");
include("header.php");

$id = $_REQUEST["id"];
$key = "bladeyeshibbir?1%59#";

$size = mcrypt_get_iv_size(MCRYPT_CAST_256, MCRYPT_MODE_CFB);
$iv = mcrypt_create_iv($size, MCRYPT_DEV_RANDOM)       

$decrypted_data=mcrypt_decrypt(MCRYPT_3DES, $key, $id, MCRYPT_MODE_CBC, $iv); 
$url_id = base64_decode(urldecode($decrypted_data));

$request = $_REQUEST['request'];

$sql = mysql_query("SELECT * FROM press WHERE id='$url_id'  ");
$re = mysql_fetch_array($sql);

$pagename = mysql_real_escape_string(trim($re['pagename']));
$content = mysql_real_escape_string(trim($re['content']));  

echo "<title>$pagename</title>";

echo $content;

include("fotter.php");

?>

BUT I'm getting this error:

Warning: mcrypt_decrypt() [function.mcrypt-decrypt]: Attempt to use an empty IV, which is NOT recommend in C:\xampp\htdocs\audock\press.php on line 10.

Actually, what I want is that the user can't see the actual value of the query string variable.

score 0 · Answer 1 · answered Mar 13 '14 at 16:46

0

Example with a zero byte iv

$encrypted_data=mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $key, $id, MCRYPT_MODE_ECB, "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0");

answered Mar 13 '14 at 16:46

Thorsten Niehues

13,712
22
78
113

score 0 · Accepted Answer · answered Mar 11 '12 at 14:12

0

Check out this post. You shouldn't use mcrypt_ecb with mcrypt_decrypt, you should use mcrypt_encrypt. Then, when encrypting with mcrypt_encrypt you'll need to create an Initialization Vector with mcrypt_create_iv (docs here) which you should afterwards use for decrypting as well.

answered Mar 11 '12 at 14:12

El Barto

919
1
5
18

Why are you using your custom IV instead of using the `mcryp_create_iv ` function? Also, try passing the same IV to the encrypt and the decrypt functions. – El Barto Mar 11 '12 at 14:48
What do you mean by "nothing"? Is it giving you the same error, is it not doing what you expect? I see in your code you're calling descrypt more than once, so try commenting out the calls you're not using. Also I'm not sure how `mycript_create_iv` works, but you're calling it twice (once in every file) and I'm not sure if they produce the same output. You should check that too. – El Barto Mar 11 '12 at 14:58

php mcrypt_decrypt() issue

2 Answers2