PHP Classes

Return empty decrypt value

Recommend this page to a friend!

      PHP Rijndael OpenSSL  >  All threads  >  Return empty decrypt value  >  (Un) Subscribe thread alerts  
Subject:Return empty decrypt value
Summary:What happens if decryption is broken
Messages:3
Author:Dragan Zlatkovski
Date:2019-02-07 15:08:01
 

  1. Return empty decrypt value   Reply   Report abuse  
Picture of Dragan Zlatkovski Dragan Zlatkovski - 2019-02-07 15:08:01
I want ask you, what happen if the password is not correct. I checked and noticed that in this way return empty string "", but I must be secure is this rule always valid? Because I need me to make compare if(decrypt(..)=="") then the password is incorect. Or data is compromised maybe.

  2. Re: Return empty decrypt value   Reply   Report abuse  
Picture of Antonio Leiva Antonio Leiva - 2019-02-08 10:58:57 - In reply to message 1 from Dragan Zlatkovski
Hi!.

The method decrypt() calls to openssl_decrypt() and mb_convert_encoding().

Function openssl_decrypt() returns FALSE on failure, and mb_convert_encoding() returns an empty string if the string being encoded is FALSE.

So, decrypt() returns an empty string if password is not valid and you can test with empty() or compare with "".

  3. Re: Return empty decrypt value   Reply   Report abuse  
Picture of Dragan Zlatkovski Dragan Zlatkovski - 2019-02-08 14:36:39 - In reply to message 2 from Antonio Leiva
Thank you for your answer. :)