salesagility / SuiteCRM

SuiteCRM - Open source CRM for the world
https://www.suitecrm.com
GNU Affero General Public License v3.0

[suggestion] replacing Crypt_Blowfish with phpseclib #8722

Open tsmgeek opened 4 years ago

tsmgeek commented 4 years ago

Propose to replace the Crypt_Blowfish library with the maintained phpseclib. Below is example code that will match enc/dec of existing methods. This also opens up giving a full security library for use through Composer.

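```php
<?php
require __DIR__ . '/vendor/autoload.php'; // Composer autoloader (assumed install path)

use phpseclib\Crypt\Blowfish;

// ECB mode with phpseclib's own padding disabled, so the manual NUL padding below is used instead
$cipher = new Blowfish(Blowfish::MODE_ECB);
$cipher->setKey('00000000-0000-0000-0000-000000000000');
$cipher->disablePadding();

$data1 = 'testme';       // plaintext
$data2 = "1YIZev2edV8="; // base64 ciphertext expected for $data1

// Pad with NUL bytes up to the next multiple of the cipher block size
$data1_pad = str_pad($data1, strlen($data1) + ($cipher->block_size - strlen($data1) % $cipher->block_size) % $cipher->block_size, chr(0));
$data1_res = base64_encode($cipher->encrypt($data1_pad));
// Decrypt, then strip the NUL padding with trim()
$data2_res = trim($cipher->decrypt(base64_decode($data2)));

if ($data2 === $data1_res) print "matched on encrypt\n";
if ($data1 === $data2_res) print "matched on decrypt\n";
```
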
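
The snippet above pads with NUL bytes to the block size and recovers the plaintext with `trim()`. As an added example (not part of the issue or of the SuiteCRM code base), the following checks which values survive that pad/trim round trip, which is worth including in a migration test; it needs no cipher or phpseclib install, and the function names and sample values are constructed for illustration.

```php
<?php
// Added example: padding/round-trip behaviour only; no cipher or key is involved.

const BLOCK_SIZE = 8; // Blowfish block size in bytes

// Same arithmetic as the str_pad() expression in the snippet:
// extend with NUL bytes up to the next multiple of the block size.
function zeroPad(string $plain, int $blockSize = BLOCK_SIZE): string
{
    $missing = ($blockSize - strlen($plain) % $blockSize) % $blockSize;
    return str_pad($plain, strlen($plain) + $missing, "\0");
}

// Same recovery step as the snippet: trim() strips whitespace and NUL
// bytes from both ends, not only the padding that zeroPad() added.
function unpadWithTrim(string $padded): string
{
    return trim($padded);
}

// Returns the samples whose value changes across pad -> unpad,
// as [hex before, hex after] keyed by label.
function findLossyValues(array $samples): array
{
    $lossy = [];
    foreach ($samples as $label => $plain) {
        $recovered = unpadWithTrim(zeroPad($plain));
        if ($recovered !== $plain) {
            $lossy[$label] = [bin2hex($plain), bin2hex($recovered)];
        }
    }
    return $lossy;
}

// Constructed sample values, not taken from a real installation.
$samples = [
    'plain word'        => 'testme',
    'exact block'       => '12345678',
    'trailing space'    => 'secret ',
    'leading newline'   => "\nsecret",
    'trailing NUL byte' => "bin\0",
    'empty string'      => '',
];

foreach (findLossyValues($samples) as $label => [$before, $after]) {
    printf("%-18s %s -> %s\n", $label, $before, $after);
}
```

Only the three samples with leading or trailing whitespace or NUL bytes are reported; a replacement that keeps the same padding scheme keeps the same behaviour for such values.
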
tsmgeek commented 4 years ago

8727

Here is a patch to migrate over from Crypt_Blowfish to phpseclib.