Description: ------------ When the length of a plain string is not a multiple of 8, decrypt() return a result with a NUL chars block appened to the end (which length is a multiple of 8). Reproduce code: --------------- <? include 'Blowfish.php'; $BF = new Crypt_Blowfish('test'); while (strlen($str) < 64) { $str .= 'u'; test($str); } function test($plain) { global $BF; echo "Plain string='$plain'" . " Length=" . strlen($plain) . "\n"; $ciph = bin2hex($BF->encrypt($plain)); $unciph = $BF->decrypt(pack("H" . strlen($ciph), $ciph)); echo "Unciphered string='$unciph'" . " Length=" . strlen($unciph) . "\n"; } ?> Expected result: ---------------- No NULs appened to decrypted string. Actual result: -------------- Plain string='u' Length=1 Unciphered string='u' Length=8 Plain string='uu' Length=2 Unciphered string='uu' Length=8 Plain string='uuu' Length=3 Unciphered string='uuu' Length=8 Plain string='uuuu' Length=4 Unciphered string='uuuu' Length=8 Plain string='uuuuu' Length=5 Unciphered string='uuuuu' Length=8 Plain string='uuuuuu' Length=6 Unciphered string='uuuuuu' Length=8 Plain string='uuuuuuu' Length=7 Unciphered string='uuuuuuu' Length=8 Plain string='uuuuuuuu' Length=8 Unciphered string='uuuuuuuu' Length=8 Plain string='uuuuuuuuu' Length=9 Unciphered string='uuuuuuuuu' Length=16 Plain string='uuuuuuuuuu' Length=10 Unciphered string='uuuuuuuuuu' Length=16 ...

This is expected behavior. You can read more on why at: http://www.di-mgt.com.au/cryptopad.html http://us3.php.net/manual/en/function.mcrypt-generic.php

Hi mfonda, I didn't have a clue about cipher padding. For whoever wants it, there is a simple workaround with the trim() function. $plain = trim($BF->decrypt($ciph)); Thank a lot.