Archive

Archive for September, 2013

Setting session timestamp limited to script scope in PHP

September 24th, 2013 No comments

Lets start with analyzing a use case. Well at Saturn we required to run a cron
job which was written in php, with a lot of use for date functions, every day
starting Jan 1 2001 to Dec 31 2012. I did not dig much into override_function
to change the behavior of the date function, instead a small class was written
to handle the ticks, but the loop was run using a history table in mysql.

Read more…

RSA encryption in PHP decryption in .NET

September 12th, 2013 2 comments

If the subject is searched on the net, the basic issue that pops up would be “bad key” exception or decryption issue. If you have access to the original code with which the implementation is done, then you should be able to identify the mismatch. But for the time, quoting root.org for RSA padding , RSA requires the plaintext to be armored during encryption/signing and the result to be verified during decryption/verification. Unfortunately, this armoring is commonly called “padding”, which means some implementers think it functions like ordinary protocol padding. The interoperability principle (“be strict in what you send and lenient in what you accept”) is exactly opposite how public key crypto must be implemented. Padding cannot be ignored and if even one bit is out of place, the message is invalid. Failure to implement all the steps correctly could allow attackers to forge signatures, decrypt ciphertext, or even recover the private key. Read more…