What is the simplest way of doing two way encryption in common PHP installs? I need to be able to encrypt data with a string key, and use the same key to decrypt on the other end. The security isn’t as big of a concern as the portability of the code, so I’d like to … Read more
It’s best practice to hash passwords so they are not decryptable. This makes things slightly more difficult for attackers that may have gained access to your database or files. If you must encrypt your data and have it decryptable, a guide to secure encryption/decryption is available at https://paragonie.com/white-paper/2015-secure-php-data-encryption. To summarize that link: Use Libsodium – A PHP extension … Read more
This is the first page that shows up via Google and the security vulnerabilities in all the implementations make me cringe so I’m posting this to add information regarding encryption for others as it has been 7 Years from the original post. I hold a Masters Degree in Computer Engineering and spent a lot of time studying and learning … Read more
If you try to decrypt PKCS5-padded data with the wrong key, and then unpad it (which is done by the Cipher class automatically), you most likely will get the BadPaddingException (with probably of slightly less than 255/256, around 99.61%), because the padding has a special structure which is validated during unpad and very few keys … Read more
10 Marco Pontello’s TrID is a great way to determine the type of any file. TrID is simple to use. Just run TrID and point it to the file to be analyzed. The file will be read and compared with the definitions in the database. Results are presented in order of highest probability. Just download … Read more
I’m trying to decrypt SSL packages with Wireshark as described here. I have already created a SSLKEYLOGFILE System and User variable and the log file. I have restarted my computer (running Windows 10), and opened https urls with Chrome and Firefox, but none write to the ssl log file. My Chrome version is 56.0.2924.87 (64-bit) … Read more
I’m trying to decrypt SSL packages with Wireshark as described here. I have already created a SSLKEYLOGFILE System and User variable and the log file. I have restarted my computer (running Windows 10), and opened https urls with Chrome and Firefox, but none write to the ssl log file. My Chrome version is 56.0.2924.87 (64-bit) … Read more
The code in the “Update” section of the question will work without any changes. You just need to make sure to remove the “base64:” prefix in the encryption key provided. Once that is removed, it will work as expected.
No. MD5 is not encryption (though it may be used as part of some encryption algorithms), it is a one way hash function. Much of the original data is actually “lost” as part of the transformation. Think about this: An MD5 is always 128 bits long. That means that there are 2128 possible MD5 hashes. … Read more