Blowfish encryption, implemented in PHP and C + +, respectively, but with different results.

Source: Internet
Author: User
First MD5 experiment, the result is the same, but use Blowfish experiment, how to do also can not succeed
The call is as follows:

", Strtoupper (Bin2Hex ($dtext))); } Mcrypt_module_close ($cipher);

C + + is the case:
    Md5_ctx MD5;    unsigned char str[16];    MD5. Md5string (STRSOURCE.C_STR (), str);    Blockcipher *BF;    Char key[] = "Strkey11";              Key    bf = new BlowFish ();    Bf->setkey (void *) key, 8*8);    Bf->encrypt ((void *) STR, 8);      unsigned char str[16];    Bf->encrypt (void *) (str+8), 8);    Char Temp1[4] = {0};    Char buff1[128] = {0};    for (int i = 0;i<16;i++)    {        sprintf (Temp1, "%02x", Str[i]);        strcat (BUFF1,TEMP1);    }    Ansistring strresult = String (buff1). Uppercase ();    Delete BF;

Reply to discussion (solution)

$iv = ' 00000000 ';???
Press Bf->setkey (void *) key, 8*8); Understand
Should be
$iv = "\x00\x00\x00\x00\x00\x00\x00\x00";
, huh?

IV is ignored in ECB. IV must exist in CFB, CBC, STREAM, NOFB and OFB modes.
The MCRYPT_MODE_ECB pattern, $iv is ignored, should not be the problem.

It's like padding before encryption, you try.
$size = Mcrypt_get_block_size (Mcrypt_blowfish, MCRYPT_MODE_ECB);
$input = Pkcs5_pad ($input, $size);

function Pkcs5_pad ($text, $blocksize)
$pad = $blocksize-(strlen ($text)% $blocksize);
Return $text. Str_repeat (Chr ($pad), $pad);

function Pkcs5_unpad ($text)
$pad = Ord ($text {strlen ($text)-1});
if ($pad > strlen ($text)) return false;
if (strspn ($text, Chr ($pad), strlen ($text)-$pad)! = $pad) return false;
Return substr ($text, 0,-1 * $pad);

Well, I can't use $iv.

Is the upstairs method used in PHP's MCrypt module?

I checked the information, in the use of Pear bf Encryption class, the first to padding

Why don't you use it?
if (Mcrypt_generic_init ($cipher, $key, $iv) ...
$iv need to be pure binary data, which is the most easily overlooked

Oh, thank you upstairs, I do not understand the principle of encryption, but in this case, obviously $iv is a neglected parameter, you can experiment with random string filling $iv look at the encryption results, there will be no change.

In addition, this is Blowfish encryption, you can think of other algorithms.

Typo correction: can-〉 possible

It doesn't matter if you measure accidents
Because there is no C + + environment, the test is useless

If you want to determine whether the PHP code problem, you need to give at least 3 sets of C + + encryption Results (clear text and ciphertext)

Thank you, I want to do this, also need C + + Blowfish code? I can email

C + + Blowfish code is not required, even if he has a problem and is not a problem with PHP discussion
I want you to give him the result, which is used to check the results of the PHP operation.

Several sets of results for C + +:
Hara 1:38a0e9312dda8f7c16b9a12159168c76
Secret 1:C58BF3EB9AE84385D90EE7020AC7CECB

Hara 2:ckgvrgebtsmtklqldqxerbnoxzroefol
Secret 2:0fa050cc105e92ebae46492428561d74

Secret 3:2e49406676b5c4e28057d22eb5d5af73

Hara 4:C58BF3EB9AE84385D90EE7020AC7CECB
Secret 4:5A4D282F291F98A5C0748834925EBCFC

to 9 Floor:

I want to provide C + + code, just think, you may not have this library, give you a test, no other meaning

It doesn't make any sense for you to write like that.
All $stext = MD5 ($stext, true); The
Does decryption still work?
Since the decryption is not clear, then there is no wrong meaning.

This is obviously irreversible encryption, you don't say it now, you see it? In addition, do you still insist that $iv is necessary to this statement?

Take a look at my most most starting code ....

My question is: PHP and C + + have different results after the same plaintext processing

Besides, my first floor is clear, MD5, C + + and PHP results are consistent, just in the back of the Blowfish stage, there are different

So you're going to have to dodge MD5 's problem?

That is, you can only look at the latter half of the paragraph, MD5 after the operation of the result is no problem, and then there is a problem

C + + The result is not a problem, here is an online blowfish encryption, you can verify

Bin2Hex (MD5 (' 38a0e9312dda8f7c16b9a12159168c76 ', true))

= df22a2ca739c2c2735e3bf4543a5206c

Put this input, key is Strkey11

The result is:

It's not the same as your results.

Thank you upstairs, you have more than one step to deal with Bin2Hex, this treatment will affect the final result Ah, I feel the input is different, is not it?

In addition, the output of this processing method is not the same, the length has risen by one times, the general Blowfish is not variable long bar

C + + code I have been posted out, less a C + + BF class Library, as if Google was used in the public, with a long time, remember, but should not be wrong, you leave an email to help me see?

Excuse me!
Originally excited to help you solve the problem, but found that the irreversible is not interested in

Blowfish is a reversible encryption algorithm, and the length of the ciphertext varies with the plaintext

First of all you have to find out whether PHP is wrong or C + + wrong, I used bin2hex really wrong, but MD5 after the binary data can not be verified,
Can you not use MD5 direct character abcdefgh, what is after encryption?

Page results are
Ciphertext 5B4148819C51DCB5

First of all, the C + + encryption results are reversible, I think this does not exist who is wrong, I believe that the results of PHP is reversible, but they are in the encryption and decryption in the middle State of the form of ciphertext, and we just want to use ciphertext to do the contrast ...

Well, C + + does not MD5, processing abcdefgh, the result is 12db6214f5eab031, where key is "Strkey11", the displayed format is 16 binary, by converting the blowfish processing result of each byte into 16 letters to generate

I use MD5 in PHP to output binary, is to match with C + +, and C + +, Blowfish just receive two groups of byte to deal with, all save the conversion and fill, but also less error process

I used PHP's online decoding.

5B4148819C51DCB5 can decipher it, but 12db6214f5eab031 can't.

Is there anything different about C + + programs? As long as encryption and decryption can not be mistaken, but to each other to decrypt the encryption must follow the same algorithm.

The same symmetric algorithm, the same key, it is unlikely that ciphertext is not the same, except for some random disturbances. But from the Blowfish algorithm,
There is no random disturbance, is it possible that the Pbox,sbox definition is not the same?

There are two questions about C + + code that you can confirm.
1) Bf->setkey ((void *) key, 8*8); The second parameter should be the length of the key, why 8*8?
2) PHP has the ECB mode set, but not in C + +, is the ECB the default?

I found the reason, your algorithm and PHP Blowfish algorithm is not the same, C + + algorithm is Blowfish-compat

So change to $cipher = Mcrypt_module_open (' Blowfish-compat ', ' ', MCRYPT_MODE_ECB, ');
That should be all right.

Praise Upstairs! Problem solved 99.9%, that is, this algorithm, PHP results came out, I was so processed:

Strtoupper (Bin2Hex ($data))
, but the result is a few times longer than expected, in fact, it can end here, because although a long time, the first half is the result I want, already can use.

But there is a small problem, I do not understand the PHP 16 into the method, how to turn to the president one-fold, can directly turn into equal length?

See the transformation of C + +, code like this
sprintf (Temp1, "%02x", Str[i]);
, I have looked at the principle of blowfish, did not see big understand, but the feeling should be position replacement, will not grow

Can solve this problem, it is really perfect, hehe

I know what the problem, I used to do the verification of C + + program is removed from the original program after the change, I am in the clear Text processing array, only half of the time (the original program processing data is half the length of ...) ), so the half-length came out, and your whole length was right.

Knot, this topic I have time to tidy up, posted on the blog bar, now on the internet can not find the C + + and PHP results Interoperability practices

Obviously, it's the right choice not to take the time to get you wrong.

Moderator talk is not reliable, I also encountered this problem, thanks to Meteorlet's enthusiasm

  • Related Article

    Contact Us

    The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

    If you find any instances of plagiarism from the community, please send an email to: and provide relevant evidence. A staff member will contact you within 5 working days.

    A Free Trial That Lets You Build Big!

    Start building with 50+ products and up to 12 months usage for Elastic Compute Service

    • Sales Support

      1 on 1 presale consultation

    • After-Sales Support

      24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.