Geek Answers Handbook

Decrypt (with PHP) Java encryption (PBEWithMD5AndDES)

Someone asked me to decrypt with PHP a string encrypted with the following Java class.

public class CryptoLibrary { private Cipher encryptCipher; private sun.misc.BASE64Encoder encoder = new sun.misc.BASE64Encoder(); public CryptoLibrary() throws SecurityException{ java.security.Security.addProvider(new com.sun.crypto.provider.SunJCE()); char[] pass = "NNSHHETJKKSNKH".toCharArray(); byte[] salt = { (byte) 0xa3, (byte) 0x21, (byte) 0x24, (byte) 0x2c, (byte) 0xf2, (byte) 0xd2, (byte) 0x3e, (byte) 0x19 }; init(pass, salt, iterations); } public void init(char[] pass, byte[] salt, int iterations)throws SecurityException{ PBEParameterSpec ps = new javax.crypto.spec.PBEParameterSpec(salt, 20); SecretKeyFactory kf = SecretKeyFactory.getInstance("PBEWithMD5AndDES"); SecretKey k = kf.generateSecret(new javax.crypto.spec.PBEKeySpec(pass)); encryptCipher = Cipher.getInstance("PBEWithMD5AndDES/CBC/PKCS5Padding"); encryptCipher.init(Cipher.ENCRYPT_MODE, k, ps); } } public synchronized String encrypt(String str) throws SecurityException{ if(str!=null){ byte[] utf8 = str.getBytes("UTF8"); byte[] enc = encryptCipher.doFinal(utf8); return encoder.encode(enc); } else { return null; } } }

I do not know Java, so I need help to understand this encryption.

1) what is the meaning of this line? PBEParameterSpec ps = new javax.crypto.spec.PBEParameterSpec(salt,20);

2) what value should be used for the first parameter string mcrypt_encrypt ( string $cipher , string $key , string $data , string $mode [, string $iv ] )

3) When should I use MD5 in my php script?

0
java php cryptography md5 des
source share
2 answers

1) It creates the parameters for encryption based on the password, the salt that is included in the calculation of the hash, and the number of iterations that are performed by the hash method (on its own output). It is used to defeat the attacks of rainbow tables, basically the attacker has to go through the same number of iterations to check the password is correct, and he cannot use the pre-calculated table, because the salt will be different for each password (so you can’t see if someone has the same password as another user).

2) MCRYPT_DES, and you will need MCRYPT_MODE_CBC for mode and, of course, PKCS # 5.

3) Only when you are absolutely sure that its shortcomings are not identified or absolutely necessary to ensure compatibility. Fortunately, it is relatively safe for key derivation functions. Download the pbkdf1 method for PHP and put it there - if it is not already included.

0
source share

I had to do the same for my client and wrote a few lines of code to help with the problem: https://github.com/KevinBusse/PBEWithMD5AndDES

+1
source share

More articles:


All Articles