在Ruby中解密PHP MCRYPT_RIJNDAEL_256 [英] Decrypting PHP MCRYPT_RIJNDAEL_256 in Ruby
问题描述
我有一个充满加密密码的数据库,我需要在Ruby中解密该密码才能进行平台更改.如何将该PHP代码移植到Ruby?曾尝试在具有AES_256的Ruby中使用OpenSSL,但收到错误解密"错误,以及我的密钥($ salt)不够长的错误.
I have a database filled with encrypted passwords that I need to decrypt in Ruby for a platform change. How can I port this PHP code to Ruby? Have tried to use OpenSSL in Ruby with AES_256 but getting 'Bad Decrypt' errors and also errors that my key ($salt) isn't long enough.
在下面的示例中,$ salt是25个字符串.
In the example below, $salt is a 25 character string.
这是PHP解密功能:
function decrypt_password($text, $salt)
{
return trim(mcrypt_decrypt(MCRYPT_RIJNDAEL_256,
$salt, base64_decode($text), MCRYPT_MODE_ECB,
mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB),
MCRYPT_RAND)));
}
推荐答案
MCRYPT_RIJNDAEL_256
算法不能实现em,不能实现AES,它使用256位块大小来实现Rijndael.这不是默认模式,您可以在此处.
MCRYPT_RIJNDAEL_256
algorithm does not implement AES, it implements Rijndael using a 256 bit block size. This is not a default mode, you can find an implementation for Ruby here.
此外,您似乎正在使用$salt
变量作为键.密钥会自动扩展到下一个可用的密钥大小.对于25个 byte 密钥,我假设将使用256位(32字节)密钥.这是$salt
值,扩展了值为00
的字节.请注意,我假定每个字符在您的系统上都被编码为单个字节.
Furthermore, you seem to be using the $salt
variable as a key. Keys are automatically extended to the next available key size. For 25 byte keys I presume a 256 bit (32 byte) key will be used. This is the $salt
value, extended with bytes valued 00
. Note that I'm presuming that each character is encoded as a single byte on your system.
最后一个惊喜是,您可以放心地忽略代码的mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB), MCRYPT_RAND)
部分,因为ECB模式不使用IV,因此它返回的值被完全忽略.请注意,对字符串使用ECB模式-当然也对密码使用-是不安全的.
As a final surprise, you may safely disregard the mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB), MCRYPT_RAND)
part of the code, as ECB mode does not use an IV, so the value it returns is fully ignored. Note that using ECB mode for strings - and therefore also passwords of course - is not secure.
您至少应使用随机IV的AES CBC.而且,您应该考虑使用 bcrypt 而不是如果您不需要密码本身的值,则进行加密.
You should, at the very minimum use AES CBC with a random IV. And you should consider using bcrypt instead of encryption if you don't need the value of the passwords itself.
这篇关于在Ruby中解密PHP MCRYPT_RIJNDAEL_256的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!