Hi,
I saw this behavior today while working with a Java EE Framework. Every time I'm getting an int ID from the server, that ID is encrypted + encoded in base 64, and the encrypted string is sent back. Each request gives a different encrypted key. The behavior that is strange is that if I make 5 requests, the encrypted text I received after the first request still works (decrypting it will give me the right int ID). The encryption works something like this:
request 1 for (same) ID => int ID + salt + ?(assume unique timestamp) = encrypted text 1 => encoded result 1 request 2 for (same) ID => int ID + salt + ?(assume unique timestamp) = encrypted text 2 => encoded result 2
My question is: without caching anything (test it on two different stations, different encryption strings for same number will decrypt to same number on both stations), how is this behavior possible, in the sense that how does the decryption algorithm know how to map from many 12-character encrypted strings to the same initial data? IN addition, is there a limitation on how many encrypted strings one can have that would map to the same data?
Thanks!
P.S.The Framework, which is open source, uses the javax.crypto.Cipher.doFinal method for both encryption and decryption.