This is hex c4 and dec is 196
When string length is 50 one of my project returning \xc4
If length is 51 then getting hex \xc5
length 55 = \xc9
length 56 = \xca
length 61 = \xcf
length 62 = \xd0
Continuously \xd9 then \xda to continuously \xdf then changing xd to xe again from \xe0 to \xe9 and \xea to \xef
How it possible to get length 50 to hex c4 or dec 196?
I can convert dec to bin and bin to hex using below code:
$binary = decbin(50); //dec to binary
echo dechex(bindec($binary)); //binary to hex
I think you're possibly overthinking this: forget about the hexadecimal for a while, and note that you've already discovered that you need to convert 50 to 196. The simplest way to do that is simply to add 146. So dechex(50 + 146) gives you the value you need.
The rest of the sequence is, as I think you've already worked out, just hexadecimal values going upwards from there, so from what you've said, there's nothing more clever to do than add that offset to each value. Why that offset? I have no idea, because I have no idea what you're using this for.
Meanwhile, converting to binary and back isn't doing anything - it's like writing a word backwards, and then writing it back the right way again. You can just pass the number into dechex directly.
This question already has answers here:
Laravel AES-256 Encryption & MySQL
(2 answers)
Closed 2 years ago.
Setup
Given the following:
$s = Crypt::encryptString('a');
Is is possible to know, for a string of length 1, the possible range of lengths of $s?
Context
Database storage - need to store an encrypted value, and would like to set validation of the input string so the longest length input string, when encrypted, is inserted into the db without truncation.
Basic tests
Running some very crude tests locally, using the following snippet:
Route::get('/test', function() {
echo '<table>';
for ($i=0; $i < 100; $i++) {
$s = str_repeat('a', $i);
$l1 = strlen($s);
$l2 = strlen(Crypt::encryptString($s));
echo "<tr><td>$l1</td><td>$l2</td></tr>";
}
echo '</table>';
});
I can see the following, but it varies between runs, for example, a string of 'a' will be of length of either 188 or 192 (longer values seem to be between 244 and 248).
So there must be a formula. I have seen output_size = input_size + (16 - (input_size % 16)) but doesn't account for the variance.
Output
0 192
1 188
2 188
3 192
4 188
5 188
6 188
7 192
8 192
9 188
10 188
11 192
12 192
13 192
14 192
15 192
16 220
17 220
18 216
19 216
20 220
Edit
Ok, so after chatting with #Luke Joshua Park below, the variance in length comes from the laravel encryption function and the way $iv is created, which is random bytes, which can contain /.
$value inside the encryption method can also contain a /.
When values that contain a / are JSON encoded, the / is escaped to \\\/ adding an additional 3 characters per occurrence.
The real problem - can $iv and $value contain more than a single '/'?
Looking through the source code for Crypt::encryptString, we can see that the final result will be a base64 encoded JSON object that has the following structure:
{ "iv": "<128 bits in base64>", "value": "<x bits in base64>", "mac": "<256 bits in hex>" }
Where the value of x is ceil(n / 128) * 128 where n is the number of bits in the original plaintext.
This means that, for an input plaintext of length 1, the size of the output should be:
24 characters for the IV (base64).
24 characters for the ciphertext (base64).
64 characters for the SHA256 mac (hex).
10 characters for the names of the JSON fields.
19 characters of extra JSON characters e.g. {, ", :.
A final round of base64 encoding of the whole thing... (ceil(141 / 3) * 4)
Gives a total of 188. The fluctuations up to 192 are odd - your inputs are not changing in size at all (since the plaintext should always be 16 bytes between 0 - 15 length).
The real problem - can $iv and $value contain more than a single '/'?
Sure. Your worst case for the IV is the IV FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF (hex), which has a Base64 value of /////////////////////w==.
21 forward slashes * extra 3 bytes each = 63 extra bytes.
For the HMAC-SHA-2-256, you could get 32 bytes of 0xFF (worst case), which is //////////////////////////////////////////8= in base64.
42 forward slashes => 126 extra bytes.
For the ciphertext, again, the entire output could be (but likely isn't) FF FF ... FF. All one letter inputs (no matter what encoding) are a single block of ciphertext, making the output be /////////////////////w== again (+63).
The generalized formula for the maximum seems to be
IV: 24 + 63 = 87
HMAC: 24 + 63 = 87
JSON Property Names: 10
JSON Structure: 19
Ciphertext: ceil(ceil((n+1) / 16) * 16 / 3) * 4 * 4 (I used n as bytes. padded ciphertext is ceil((n+1) / blocksize) * blocksize, base64 is 4 * ceil(data / 3), extra *4 is "everything is slashes")
Base64 it all again: 4 * ceil(sum / 3)
= 4 * ceil((4 * 4 * ceil(16 * ceil((n + 1) / 16) / 3) + 203) / 3)
For n=1 that produces 400 bytes. The actual maximum is (I think) 388, because the ciphertext formula is counting 24 slashes as the worst case when 21 is the worst case. So the true supremum needs to call the ciphertext something more complicated involving floor, ceiling, and subtraction.
Note I'm going to award the bounty to #Luke Joshua Park as he got me closest to what ended up being the (closest thing to a) solution, which is to follow.
(Not a) solution
The answer is, there is no concrete answer, not without unknowns and variance. Across the three people looking at this at the time of writing (myself, Luke, and bartonjs) there was still some doubt to a 100% accurate solution.
The question was posed to figure out a reliable type and size to store encrypted data, ideally in a database independent fashion (I didn't want to specify a particular database, as I wanted to know and understand how to calculate a length regardless of the way it was persisted).
However, even strings of the smallest lengths turned out to be quite long in the worst case scenario (where a random $iv was created containing many slashes - unlikely or not, it was possible). Possible encrypted strings of n=1 possibly being 400 bytes long mean that a varchar will never be the right answer.
So... what should be done?
So, instead, it seems best, most consistent and most reliable to store encrypted data as a text field and not a varchar (in mysql land), regardless of the length of the original string. This is a disappointingly boring answer with no fancy maths involved. It's not the answer I would like to accept, but makes the most sense.
But, what about passwords?
In a brief moment of stupidity, I thought, but what about the password field? That is a varchar. But of course that is a hashed value, not an encrypted value (I hadn't had enough coffee when that thought popped into my head, ok?)
I have a string which uses 128B and 128C conversion. ANCV0005YRF01234.
So
ANCV = 128B
0005 = 128C
YRF0= 128B
1234= 128 C
Cant use code 128 Auto as it converts the 0 after F into 128C (which i dont want.). At the moment using two different scripts and concatenating the barcode images,Need to calculate the check digit for that. Not sure how the check digit will be generated ?.
Any help is appreciated. Thanks
I got sum of characters by weights (rightmost column) from your example string = 5468 % 103 = 9 for a checksum if you want to switch back and forth.
Assuming one has a specific set of 128 bits -- represented in hexadecimal as: A1 B1 C1 D1 E1 F1 10 20 30 40 50 60 70 80 90 55 -- how does one specify this value as the key to be used in the PHP 'hash_hmac' function?
That is, what will be the actual value typed in for the 'key' argument?
hash_hmac('md5', 'The quick brown fox', '<what goes here for the above 128 bit value?>')
Thanks in advance.
The hex2bin() function will convert your hex string into a binary representation. For example:
hash_hmac('md5', 'The quick brown fox', hex2bin('A1B1C1D1E1F110203040506070809055'))
I would like to create some arrys. First of all I would like to tell you what it is about so that you understand why I am doing this:
Cryptography.
I want create an array with the alphabet.
such as
$a1 = array("a"=>"b", "b"=>"c",....,"z"=>a");
Alright, that is just a bit of typing so now I want to do it a bit more often. In this case it is x+1=y or in other words for the decoding x=y-1
So lets say I would like to do that with a position change from 1 to 26 - I would have 26 arrays than.
The encryption and decryption itself is not that problem in php and not what I am asking for as it is simple string replacement. But I was wondering if there is anything like this possible to create in an dynamic way by telling:
createAlphabets(1,12)
and it creates me a multidimensional array with 12 alphabet keys?
This is the second part of my question:
is there mathematically figure of more possibilities to swap characters by calculation?
I mean, x+5-3=y is the same like x+2=y so however I calculate it is covered by my 26 arrays? so even if I say: x-5+3=y =? x-2=y it is the same like x+24=y ? isnt it? Please dont bother telling me it might be +25 or +23 and that I am not going to have 24 arrays - its 8am and I didnt sleep - I am just asking about the principle - I dont want you to do my work - I am just looking for some comfirmation and an idea.
$chars = range('a', 'z');
$shift = 5;
$shifted = array_merge(array_slice($chars, $shift), array_slice($chars, 0, $shift));
$alphabet = array_combine($chars, $shifted);
Since there are 26 characters in your alphabet you can only shift them by 26 characters, meaning there are 26 possible combinations.