
Character length to be expected in Laravel 5 Crypt function [duplicate]

Just a quick question: if I'm using the Laravel 5 Crypt::encrypt() function and I would like to save it into a database, how many characters am I expecting? Does the character length depend on the length of my message or would it be at a fixed length?

Currently I am using varchar 255 in my database and from time to time there are missing characters here and there thus causing problems during decryption.

Thank You

asked May 25 '15 13:05

Kenny Yap


3 Answers

From the official Laravel documentation:

Laravel provides facilities for strong AES encryption via the Mcrypt PHP extension.

From official PHP documentation using mcrypt_generic.

If you want to store the encrypted data in a database make sure to store the entire string as returned by mcrypt_generic, or the string will not entirely decrypt properly. If your original string is 10 characters long and the block size is 8 (use mcrypt_enc_get_block_size() to determine the blocksize), you would need at least 16 characters in your database field. Note the string returned by mdecrypt_generic() will be 16 characters as well...use rtrim($str, "\0") to remove the padding.

More here

So I guess the correct answer is that the size of characters generated by the encrypt function depends on the size of the text you are parsing through the encrypt function.

Assuming you are using MySQL, why don't you just use a TEXT if you are parsing a lot of information? More info about MySQL field types here

answered Oct 10 '22 13:10

Harry Geo


The answer is difficult to define because it does depend on your input size. But even a fixed input size yields different size output.

I created a simple script to test real-world sizes for different string lengths.

Here is the GitHub gist

Here's sample output:

Testing Laravel Crypt::encrypt() result length
Number of passes: 1000000
Minimum input length: 1
Maximum input length: 32
Input length: 1 - Output length 188 - 200
Input length: 2 - Output length 188 - 200
Input length: 3 - Output length 188 - 200
Input length: 4 - Output length 188 - 200
Input length: 5 - Output length 188 - 200
Input length: 6 - Output length 188 - 200
Input length: 7 - Output length 188 - 200
Input length: 8 - Output length 188 - 200
Input length: 9 - Output length 216 - 228
Input length: 10 - Output length 216 - 228
Input length: 11 - Output length 216 - 228
Input length: 12 - Output length 216 - 228
Input length: 13 - Output length 216 - 228
Input length: 14 - Output length 216 - 228
Input length: 15 - Output length 216 - 228
Input length: 16 - Output length 216 - 228
Input length: 17 - Output length 216 - 228
Input length: 18 - Output length 216 - 228
Input length: 19 - Output length 216 - 228
Input length: 20 - Output length 216 - 228
Input length: 21 - Output length 216 - 228
Input length: 22 - Output length 216 - 228
Input length: 23 - Output length 216 - 228
Input length: 24 - Output length 244 - 256
Input length: 25 - Output length 244 - 256
Input length: 26 - Output length 244 - 256
Input length: 27 - Output length 244 - 256
Input length: 28 - Output length 244 - 256
Input length: 29 - Output length 244 - 256
Input length: 30 - Output length 244 - 256
Input length: 31 - Output length 244 - 256
Input length: 32 - Output length 244 - 256

Note - if you're running this yourself, you'll need to set it to around 1 million passes per string length to get the actual hard min and max limits. 500,000 wasn't enough in my testing. Also, the get_random_input function only outputs a maximum 32 character string, so it would have to be modified to test longer strings.

answered Oct 10 '22 14:10

jdforsythe
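
The ranges in the sample output above can be derived from the envelope format. This is an added example, not the answerer's gist and not Laravel's code: it rebuilds an envelope of the shape Laravel 5's Encrypter is assumed to emit, with AES-128-CBC via OpenSSL standing in as a cipher with the 16-byte block size that the jumps in the sample output imply. The function names `envelope`, `b64len` and `bounds` and the key are constructed for illustration.

```php
<?php
// Added illustration, not Laravel's code. Assumed envelope layout:
// base64(json_encode(['iv' => b64, 'value' => b64, 'mac' => hex HMAC-SHA256])).
const BLOCK = 16; // assumed cipher block size in bytes (AES-128-CBC)

function envelope(string $plain, string $key): string
{
    $ivRaw = random_bytes(BLOCK);
    // PKCS#7 always adds 1..16 bytes, so the ciphertext length is the
    // serialized length rounded up to the next multiple of the block size.
    $raw = openssl_encrypt(serialize($plain), 'aes-128-cbc', $key, OPENSSL_RAW_DATA, $ivRaw);
    $iv = base64_encode($ivRaw);
    $value = base64_encode($raw);
    $mac = hash_hmac('sha256', $iv . $value, $key);
    // json_encode() escapes "/" as "\/". Base64 text contains "/" at random,
    // so the same input length produces a range of output lengths.
    return base64_encode(json_encode(compact('iv', 'value', 'mac')));
}

function b64len(int $bytes): int
{
    return 4 * intdiv($bytes + 2, 3);
}

// [minimum, safe upper bound] of the envelope length for an $n-byte string.
function bounds(int $n): array
{
    $serialized = strlen(serialize(str_repeat('x', $n))); // s:<n>:"...";
    $cipher = (intdiv($serialized, BLOCK) + 1) * BLOCK;
    $b64 = b64len(BLOCK) + b64len($cipher);               // iv + value
    $json = strlen('{"iv":"","value":"","mac":""}') + $b64 + 64;
    // Upper bound counts one escape byte per base64 character.
    return [b64len($json), b64len($json + $b64)];
}

$key = random_bytes(16); // constructed throwaway key
foreach ([1, 8, 9, 23, 24, 32, 255] as $n) {
    $seen = [];
    for ($i = 0; $i < 2000; $i++) {
        $seen[] = strlen(envelope(str_repeat('x', $n), $key));
    }
    [$min, $max] = bounds($n);
    printf("input %3d: observed %d-%d, bounds %d-%d\n", $n, min($seen), max($seen), $min, $max);
}
```

Under these assumptions the minimum for a 24-character input is 244 characters and for a 255-character input 644, so column sizing should start from `bounds()` of the longest plaintext the application accepts.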


The output DOES depend on the size of the input so it is safer to use a TEXT datatype for your column instead of a VARCHAR. To test it, take the largest possible string in your db column and run it through the encrypt() function to see how large the resulting string is. Note that if you are enforcing a length limit on raw text (before encryption) then you may get away with using VARCHAR.

answered Oct 10 '22 13:10

omarjebari