ID: 44133 Updated by: [EMAIL PROTECTED] Reported By: squinky86 at gmail dot com Status: Bogus Bug Type: mcrypt related Operating System: Linux and Windows PHP Version: 5.2.5 New Comment:
Did you actually check the strlens? eg. 0000000 S e e S p o t R u n . \n S e 0000020 e S p o t R u n . \0 \0 \0 \n There are 3 null bytes on the end of the decoded version and the strlen is 16 vs. 13 for $toEncode. This null-padding is discussed extensively in the comments for mcrypt_decrypt in the manual. Previous Comments: ------------------------------------------------------------------------ [2008-02-18 16:44:38] squinky86 at gmail dot com Note that the most curious aspect of it is that two seemingly identical strings, that have the same ord() and strlen(), do not compare as identical. ------------------------------------------------------------------------ [2008-02-18 16:43:54] squinky86 at gmail dot com It does the same thing when iv is the same. ------------------------------------------------------------------------ [2008-02-16 00:02:06] [EMAIL PROTECTED] Thank you for taking the time to write to us, but this is not a bug. Please double-check the documentation available at http://www.php.net/manual/ and the instructions on how to report a bug at http://bugs.php.net/how-to-report.php That\'s because the IV needs to be the same for encrypting as well as decrypting. ------------------------------------------------------------------------ [2008-02-15 22:20:56] squinky86 at gmail dot com Description: ------------ When I mcrypt_encrypt() a string, then immediately mcrypt_decrypt() the string, the result is two strings that appear identical but are not. Reproduce code: --------------- Due to having multiple test cases for this bug, I have posted the code to: http://www.phpfreaks.com/forums/index.php/topic,182537.msg815864.html Note also that since the posting of this issue, I have noted the following: strlen($toEncrypt) == strlen($decrypted) == 13 ord($toEncrypt[$i]) == ord($decrypted[$i]) for all $i = 0..12 For all intensive purposes, the strings are identical, but PHP does not define them as such. Expected result: ---------------- The strings should be identical after encryption and decryption Actual result: -------------- The strcmp() function returns "-3". The == operator returns "false". ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=44133&edit=1
