tags:

views:

84

answers:

2
+1  Q: 

PHP Blowfish encryption

I've been asked to point a login form to an external site, where login and pass should be present in the URL and the pass should be Blowfish encrypted. I was provided a "key" which is in the format: "nnn-nnnssssssssssssssssssssssssnnnnnn" where n is a number and s is a letter (24 of them).

From the PHP docs it seems that to trigger Blowfish encryption with crypt() one needs to provide a salt in a specific format, starting with "$2a$", but this is not the format of the key I was provided. Does this mean I need to provide a salt of my own? If yes, what is the point of the key I was provided?

+1  A: 

crypt is a hashing function, it's not for encryption. To actually encrypt something you need mcrypt or a pure php implementation (i remember to see something in pear).

stereofrog  2010-09-07 08:50:46
+1 Worst name ever for a hash function. ;)
deceze  2010-09-07 08:52:30
I may have formulated things wrong, "hashing" is probably the correct term.
stef  2010-09-07 08:57:24
@stef, well, if the hashing is actually what they want, i'd call them and ask ;) i guess, you're supposed to use "$nnn$xxxx" instead of "nnn-xxxxx..."
stereofrog  2010-09-07 09:00:40
+1  A: 

Try this as the salt: $2a$nn$nnnnsssssssssssnnn$ (didn't work)

It isn't a hash then and you'll have to use mcrypt or the PEAR library:

http://pear.php.net/package/Crypt_Blowfish

Example:

http://www.chilkatsoft.com/p/php_blowfish.asp

I don't see an IV so the mode will have to be ECB (weak) and the whole thing will be the key.

Rob Olmos  2010-09-07 08:57:57
Yep that's what I did but this gives me $2a$08$HBHfHB.yHBa2MQyvKhLrcOjQY22GCusbxK2NT2ClnfNHDh4r61gmO as the hashed value for a test string but this is different from the hashed result at their side, which is p/R0ePNz - afaik theirs can not be a blowfish hash.
stef  2010-09-07 09:18:11
@stef Thanks for the feedback. See my edited answer.
Rob Olmos  2010-09-07 19:32:23

related questions

IDE suggestions: Eclipse IDE vs. Zend Studio ( confused )
MySQL/Apache Error in PHP MySQL query
Lightweight IDE for Linux
What PHP framework would you choose for a new application and why?
Why is my ternary expression not working?
How can I get at the matches when using preg_replace in PHP?
Mechanisms for tracking DB schema changes
Wordpress theme development offline tools
Using object property as default for method property
How can I get the authenticated user name under Apache using plain HTTP authentication and PHP?
Make XAMPP/Apache serve file outside of htdocs
How do you debug PHP scripts?
PHP Variables passed by value or by reference?
Best way to implement unit testing in PHP
Connect PHP to an AS/400
Best way to access Exchange using PHP?
PHP Session Security
How do I access a remote form in php?
What's the best way to generate a tag cloud from an array? (using h1 through h6 for sizing)
Apache/PHP: error_log per Virtual Host?
How do I track file downloads with apache/PHP
How would you access Object properties from within an object method?
Flat File Databases in PHP
Best way to allow plugins for a PHP application
Latest information on PHP upcoming releases