4WebHelp
 FAQ  •  Search  •  User Groups  •  Forum Admins  •  Smilies List  •  Statistics  •  Rules   •  Login   •  Register
Toggle Navigation Menu

 Decryting an encryted string
Post New TopicReply to Topic
View Previous Topic Print this topic View Next Topic
Author Message
jayant
Team Member



Joined: 07 Jan 2002
Posts: 262
Location: New Delhi, India

PostPosted: Sun Apr 20, 2003 2:41 pm (14 years, 8 months ago) Reply with QuoteBack to Top

a string was encryted using:

Code:
$cpass = crypt($FORM{'string'},$random);


here $random is a random number or string. i am not sure if it is number only or string only or mix. it is obtained via following code in Perl

Code:
open(RANDOM,"/dev/urandom");
read RANDOM,$random,4096;
close(RANDOM);
$random =~ s/\W//g;


Length of password generated is 13 always

Now need to decrypt it in a PHP script (though a perl script will also do).
i am confused a bit how mcrypt_decode() (a php fn) will work for this.

________________________________
Jayant Kumar
Member of the 4WebHelp Team
Nibble Guru - Computing Queries Demystified
GZip/ Page Compression Test
OfflineView User's ProfileFind all posts by jayantSend Personal MessageVisit Poster's WebsiteYahoo MessengerMSN Messenger
jayant
Team Member



Joined: 07 Jan 2002
Posts: 262
Location: New Delhi, India

PostPosted: Tue Apr 22, 2003 5:09 pm (14 years, 7 months ago) Reply with QuoteBack to Top

Wondering if the questions I ask are too advanced to be answered Sad or is it that I am unable to explain properly

________________________________
Jayant Kumar
Member of the 4WebHelp Team
Nibble Guru - Computing Queries Demystified
GZip/ Page Compression Test
OfflineView User's ProfileFind all posts by jayantSend Personal MessageVisit Poster's WebsiteYahoo MessengerMSN Messenger
adam
Forum Moderator & Developer



Joined: 26 Jul 2002
Posts: 704
Location: UK

PostPosted: Tue Apr 22, 2003 5:19 pm (14 years, 7 months ago) Reply with QuoteBack to Top

as far as I know it is impossible to decrypt the cyphertext in this case.

________________________________
It's turtles all the way down...
OfflineView User's ProfileFind all posts by adamSend Personal MessageVisit Poster's Website
jayant
Team Member



Joined: 07 Jan 2002
Posts: 262
Location: New Delhi, India

PostPosted: Tue Apr 22, 2003 6:29 pm (14 years, 7 months ago) Reply with QuoteBack to Top

but crypt (in Perl) is a two way function.

________________________________
Jayant Kumar
Member of the 4WebHelp Team
Nibble Guru - Computing Queries Demystified
GZip/ Page Compression Test
OfflineView User's ProfileFind all posts by jayantSend Personal MessageVisit Poster's WebsiteYahoo MessengerMSN Messenger
adam
Forum Moderator & Developer



Joined: 26 Jul 2002
Posts: 704
Location: UK

PostPosted: Tue Apr 22, 2003 6:35 pm (14 years, 7 months ago) Reply with QuoteBack to Top

well it's not in php Razz

are you sure it's two-way? the same algorithm is used in php, and thats a hashing function - which means it's one-way.

________________________________
It's turtles all the way down...
OfflineView User's ProfileFind all posts by adamSend Personal MessageVisit Poster's Website
jayant
Team Member



Joined: 07 Jan 2002
Posts: 262
Location: New Delhi, India

PostPosted: Tue Apr 22, 2003 6:45 pm (14 years, 7 months ago) Reply with QuoteBack to Top

yes crypt in both perl,php is a two way function.

whats more is that when the password is generated using this, .htaccess authentication is possible.

this code is from CPANEL, one of the popular site administration tools. the file is dowebmailpasswd.cgi (i think, not sure if it was password instead of passwd).

and http authentication is done using this file. the file name where this data is stored has the name "shadow"

________________________________
Jayant Kumar
Member of the 4WebHelp Team
Nibble Guru - Computing Queries Demystified
GZip/ Page Compression Test
OfflineView User's ProfileFind all posts by jayantSend Personal MessageVisit Poster's WebsiteYahoo MessengerMSN Messenger
Daniel
Team Member



Joined: 06 Jan 2002
Posts: 2564

PostPosted: Tue Apr 22, 2003 6:51 pm (14 years, 7 months ago) Reply with QuoteBack to Top

I'm not sure I understood you correctly, but AFAIK passwords encrypted for .htpasswd files can't be decrypted. So I would presume that the crypt() function is a one way function (like md5?).

http://www.php.net/manual/en/function.crypt.php wrote:
Note: There is no decrypt function, since crypt() uses a one-way algorithm

________________________________
Image
OfflineView User's ProfileFind all posts by DanielSend Personal Message
jayant
Team Member



Joined: 07 Jan 2002
Posts: 262
Location: New Delhi, India

PostPosted: Tue Apr 22, 2003 7:29 pm (14 years, 7 months ago) Reply with QuoteBack to Top

whats http://www.php.net/manual/en/function.mcrypt-decrypt.php then

________________________________
Jayant Kumar
Member of the 4WebHelp Team
Nibble Guru - Computing Queries Demystified
GZip/ Page Compression Test
OfflineView User's ProfileFind all posts by jayantSend Personal MessageVisit Poster's WebsiteYahoo MessengerMSN Messenger
adam
Forum Moderator & Developer



Joined: 26 Jul 2002
Posts: 704
Location: UK

PostPosted: Tue Apr 22, 2003 9:46 pm (14 years, 7 months ago) Reply with QuoteBack to Top

that would decrypt cyphertext created with http://www.php.net/manual/en/function.mcrypt-encrypt.php which is a different encrypt function, using a different algorithm. I assume there are perl equivalents of those two functions, but you're not using them Smile

________________________________
It's turtles all the way down...
OfflineView User's ProfileFind all posts by adamSend Personal MessageVisit Poster's Website
drathbun
WebHelper
WebHelper


Joined: 01 Mar 2003
Posts: 69
Location: Texas

PostPosted: Tue Apr 22, 2003 10:43 pm (14 years, 7 months ago) Reply with QuoteBack to Top

jayant wrote:
a string was encryted using:

$cpass = crypt($FORM{'string'},$random);

...
Now need to decrypt it in a PHP script (though a perl script will also do).

Review this: http://www.perldoc.com/perl5.6/pod/func/crypt.html

As stated already, crypt() is a one-way function. There is no equivalent decrypt. The way passwords are generally handled is that you crypt() it with a key, then crypt the user login with the same key and compare the output strings. You don't decrypt.

Dave

________________________________
Dave
Photography Site :: Query Tools Forum :: Weekend Fun
OfflineView User's ProfileFind all posts by drathbunSend Personal MessageVisit Poster's Website
jayant
Team Member



Joined: 07 Jan 2002
Posts: 262
Location: New Delhi, India

PostPosted: Wed Apr 23, 2003 4:30 am (14 years, 7 months ago) Reply with QuoteBack to Top

hmmm.

How did I forget this Rolling Eyes

________________________________
Jayant Kumar
Member of the 4WebHelp Team
Nibble Guru - Computing Queries Demystified
GZip/ Page Compression Test
OfflineView User's ProfileFind all posts by jayantSend Personal MessageVisit Poster's WebsiteYahoo MessengerMSN Messenger
Display posts from previous:      
Post New TopicReply to Topic
View Previous Topic Print this topic View Next Topic


 Jump to:   




You cannot post new topics in this forum.
You cannot reply to topics in this forum.
You cannot edit your posts in this forum.
You cannot delete your posts in this forum.
You cannot vote in polls in this forum.


Page generation time: 0.073068 seconds :: 18 queries executed :: All Times are GMT
Powered by phpBB 2.0 © 2001, 2002 phpBB Group :: Based on an FI Theme