#24 Is it a bug related to 3DES(padding)

open
nobody
5
2012-09-14
2005-12-13
Anonymous
No

mcrypt_module_close($td);
return $encrypted_data;
}
$S = "123456";
echo(BASE64_Encode(fmt3DESEx(sha1($S, true))));

//*****C# code ***
private string fmt3DES(byte[] Value){
byte[] bytKey = new byte[]
{0x9F,0x8C,0x24,0x3A,0xEE,0x34,0x71,0x83,0xB3,0x9D,0xD
8,0x1B,0x20,0x94,0x1E,0x86,0xBC,0x11,0x52,0x9B,0x03,0x
4C,0x88,0x42};
ICryptoTransform ct;
MemoryStream ms;
CryptoStream cs;

  SymmetricAlgorithm mCSP = new

TripleDESCryptoServiceProvider();
mCSP.IV = new byte[]{1,2,3,4,5,6,7,8};
mCSP.Key = bytKey;
mCSP.Mode =
System.Security.Cryptography.CipherMode.CBC;
mCSP.Padding =
System.Security.Cryptography.PaddingMode.PKCS7;

  ct = mCSP.CreateEncryptor(mCSP.Key, mCSP.IV);
  ms = new MemoryStream();
  cs = new CryptoStream(ms, ct,

CryptoStreamMode.Write);
cs.Write(Value, 0, Value.Length);
cs.FlushFinalBlock();
cs.Close();
return Convert.ToBase64String(ms.ToArray());
}

private void btnTest_Click(object sender,

System.EventArgs e) {
string s;
Byte[] clearBytes = Encoding.UTF8.GetBytes
(txtSrc.Text);
Byte[] hashedBytes = ((HashAlgorithm)
CryptoConfig.CreateFromName("SHA1")).ComputeHash
(clearBytes);
s = Convert.ToBase64String(hashedBytes);
txt2.Text = fmt3DES(hashedBytes);
}

Expected result:

xUL2ewBUn7mqNdrgbTzoZyfUjOMZw6r2

Actual result:

xUL2ewBUn7mqNdrgbTzoZ+vkYhgNnLbQ
^^^^^^^^^^^ difference

Discussion

  • Logged In: NO

    full code source
    <?php
    function fmt3DESEx($s){
    $key = pack
    ('H48',"9F8C243AEE347183B39DD81B20941E86BC11529B034C8842");
    $td = mcrypt_module_open(MCRYPT_3DES, '',
    MCRYPT_MODE_CBC, '');
    $iv = pack('H16',"0102030405060708"); //like c# new byte
    []{1,2,3,4,5,6,7,8}
    mcrypt_generic_init($td, $key, $iv);
    $encrypted_data = mcrypt_generic($td, $s);
    mcrypt_generic_deinit($td);
    mcrypt_module_close($td);
    return $encrypted_data;
    }
    $S = "123456";
    echo(BASE64_Encode(fmt3DESEx(sha1($S, true))));
    ?>
    Expected result:


    xUL2ewBUn7mqNdrgbTzoZyfUjOMZw6r2

    Actual result:

    xUL2ewBUn7mqNdrgbTzoZ+vkYhgNnLbQ