John Rey Flores
Reputation: 187
PHP mcrypt_decrypt will return garbage data when I tried to alter the encrypted text
How can I detect if a variable contains garbage?
I have encrypted text generated from mcrypt_encrypt(). I attempt to edit this (assuming that someone will alter the encrypted text). I want to return an empty value after decryption instead of something like "Ú0úà¡ßQ9õ÷rŒi¾¼v’Ó}çTc~Žk"
Upvotes: 0
Views: 332
Answers (1)
r3mainer
Reputation: 24587
If I understand you correctly, you're looking for a way of encrypting data in such a way that it will be possible to detect if anyone has tampered with it.
The easiest way to achieve this would be to incorporate a checksum into the data before you encrypt it.
For example, you could encrypt the data as follows:
$plaintext = "Lorem ipsum dolor sit amet";
$hash = md5($plaintext);
$output = base64_encode(mcrypt_encrypt(CIPHER, KEY, $hash.$plaintext, MODE));
and then the decryption process would look like this:
$input = mcrypt_decrypt(CIPHER, KEY, base64_decode($output, MODE));
$hash = substr($input, 0, 32);
$text = substr($input, 32);
if (md5($text) != $hash) {
die("Invalid data");
}
/* If you get this far, the encrypted data is fine */
:
echo $text;
:
Upvotes: 2
Related Questions
- Correct decryption returns empty string
- mcrypt_decrypt adding null at the end of decrypted text
- PHP decryption with mcrypt returns unintelligible text instead of original plaintext
- mcrypt messing with data
- Inconsistent Encryption / Decryption Results
- Wrong decryption with mcrypt_decrypt
- mcrypt_decrypt wrong output after using encrypted data php
- Mcrypt Decryption Not Working - PHP
- PHP decrypt not working using mcrypt_decrypt?
- mcrypt_decrypt is not working properly