Is there a reason why the result of Symmetric::encrypt() always starts with 'MUIFA'? #184

Open
oantonioo opened this issue Feb 11, 2023 · 1 comment

Comments

@oantonioo

Can I trust that it will always be like this?

The idea is to send the broken 'encrypted token', removing 'MUIFA' from the beginning and when I receive the token back I add the 5 characters removed and decrypt.

This nonsense serves me for 3 things:
1 - Hide as much as possible that it is an encrypted text
2 - Hide what I use for this behind this, sodium and paragonie.
3 - If someone decides to play with the decryption, missing the first 5 characters will have a new problem.

@paragonie-security
Contributor

paragonie-security commented Feb 19, 2023

The ciphertext consists of a header with version information. This is then base64-encoded.

halite/src/Halite.php

Lines 48 to 50 in cfafc30

const HALITE_VERSION_KEYS = "\x31\x40\x05\x00";
const HALITE_VERSION_FILE = "\x31\x41\x05\x00";
const HALITE_VERSION = "\x31\x42\x05\x00";

If you remove it, then you will have difficulty with decrypting messages across Halite versions. But if you accept that risk, that's fine.
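
Why the prefix is constant, and what a hard-coded 'MUIFA' does to a token that carries a different header, shown as an added example (not part of the issue thread and not Halite's own code). It assumes PHP's built-in base64 functions as a stand-in for Halite's encoder; the 32-byte body and the `hypothetical_other` header are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Version headers copied from the Halite.php lines quoted above.
const HEADERS = [
    'HALITE_VERSION_KEYS' => "\x31\x40\x05\x00",
    'HALITE_VERSION_FILE' => "\x31\x41\x05\x00",
    'HALITE_VERSION'      => "\x31\x42\x05\x00",
    // Hypothetical header, constructed here to model a different version.
    'hypothetical_other'  => "\x31\x42\x06\x00",
];

// URL-safe base64 from PHP built-ins (assumption: stand-in for Halite's encoder).
function b64url(string $raw): string
{
    return strtr(base64_encode($raw), '+/', '-_');
}

function b64urlDecode(string $text): string
{
    return (string) base64_decode(strtr($text, '-_', '+/'), true);
}

// Base64 packs 6 bits per character, so the 32-bit header fully determines
// the first 5 characters; the 6th mixes its last 2 bits with the body.
function fixedPrefix(string $header): string
{
    return substr(b64url($header), 0, 5);
}

// Constructed 32-byte body: a placeholder, not real Halite ciphertext.
$body = str_repeat("\xAA", 32);

foreach (HEADERS as $name => $header) {
    $token     = b64url($header . $body);
    $stripped  = substr($token, 5);      // what the issue proposes to send
    $restored  = 'MUIFA' . $stripped;    // hard-coded prefix added on receipt
    $gotHeader = substr(b64urlDecode($restored), 0, 4);
    printf(
        "%-20s prefix=%s round-trip=%s header-after-restore=%s\n",
        $name,
        fixedPrefix($header),
        hash_equals($token, $restored) ? 'intact' : 'ALTERED',
        bin2hex($gotHeader)
    );
}
```

Only a token whose header equals `HALITE_VERSION` survives the strip-and-restore round trip; for any other header, the restored token decodes to a header that was never sent.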
