Decryting an encryted string

Posted: Sun Apr 20, 2003 2:41 pm (22 years ago)

a string was encryted using:

Code:

$cpass = crypt($FORM{'string'},$random);

here $random is a random number or string. i am not sure if it is number only or string only or mix. it is obtained via following code in Perl

Code:

open(RANDOM,"/dev/urandom");
read RANDOM,$random,4096;
close(RANDOM);
$random =~ s/\W//g;

Length of password generated is 13 always

Now need to decrypt it in a PHP script (though a perl script will also do).
i am confused a bit how mcrypt_decode() (a php fn) will work for this.

Posted: Tue Apr 22, 2003 5:09 pm (22 years ago)

Wondering if the questions I ask are too advanced to be answered Sad

or is it that I am unable to explain properly

Posted: Tue Apr 22, 2003 5:19 pm (22 years ago)

as far as I know it is impossible to decrypt the cyphertext in this case.

Posted: Tue Apr 22, 2003 6:29 pm (22 years ago)

but crypt (in Perl) is a two way function.

Posted: Tue Apr 22, 2003 6:35 pm (22 years ago)

well it's not in php Razz

are you sure it's two-way? the same algorithm is used in php, and thats a hashing function - which means it's one-way.

Posted: Tue Apr 22, 2003 6:45 pm (22 years ago)

yes crypt in both perl,php is a two way function.

whats more is that when the password is generated using this, .htaccess authentication is possible.

this code is from CPANEL, one of the popular site administration tools. the file is dowebmailpasswd.cgi (i think, not sure if it was password instead of passwd).

and http authentication is done using this file. the file name where this data is stored has the name "shadow"

Team Member Joined: 06 Jan 2002 Posts: 2564

I'm not sure I understood you correctly, but AFAIK passwords encrypted for .htpasswd files can't be decrypted. So I would presume that the crypt() function is a one way function (like md5?).

http://www.php.net/manual/en/function.crypt.php wrote:

Note: There is no decrypt function, since crypt() uses a one-way algorithm

Posted: Tue Apr 22, 2003 7:29 pm (22 years ago)

whats http://www.php.net/manual/en/function.mcrypt-decrypt.php then

Posted: Tue Apr 22, 2003 9:46 pm (22 years ago)

that would decrypt cyphertext created with http://www.php.net/manual/en/function.mcrypt-encrypt.php which is a different encrypt function, using a different algorithm. I assume there are perl equivalents of those two functions, but you're not using them Smile

WebHelper Joined: 01 Mar 2003 Posts: 69 Location: Texas

jayant wrote:

a string was encryted using:

$cpass = crypt($FORM{'string'},$random);

...
Now need to decrypt it in a PHP script (though a perl script will also do).

Review this: http://www.perldoc.com/perl5.6/pod/func/crypt.html

As stated already, crypt() is a one-way function. There is no equivalent decrypt. The way passwords are generally handled is that you crypt() it with a key, then crypt the user login with the same key and compare the output strings. You don't decrypt.

Dave

Posted: Wed Apr 23, 2003 4:30 am (22 years ago)

hmmm.

How did I forget this Rolling Eyes