Description: ------------ as per your example $rc4 = new Crypt_RC4; $rc4->key($key); echo "Original message: $message \n"; $rc4->crypt($message); echo "Encrypted message: $message \n"; $rc4->decrypt($message); echo "Decrypted message: $message \n"; $rc4->key was supposed to set the key. This is achievable via setKey but the function key per does not influence the encryption routine. Reproduce code: --------------- $keys = 'testkey'; $rc4 = new Crypt_RC4 (); //commented or not commented it gives the same ouput //$rc4->key($keys); $rc4->crypt($text); echo "Encrypted message: $text <BR> <BR>"; $rc4->decrypt($text); echo "Decrypted message: $text <BR> <BR>"; Expected result: ---------------- Perhaps is a desired result (as I was able to set the key using the method setKey) but is somehow confusing in the example. I was under the impression that $key would have set the encryption key but, even if not defined, the text is encrypted and decrypted with (I assume) a default key.

The key also works if given in constructor as: $rc4 = new Crypt_RC4($key); However since the class does not have any documentation other than the examples it is quite frustrating when the examples don't work.

Concerning // $Id: Rc4.php,v 1.6 2003/10/04 16:39:32 zyprexia Exp $ on Mac OS X 10.3.7 with PHP 4.3.2 and Fedora Core 2 for i386 with PHP 4.3.4. Using different keys to encypher the same plaintext results in identical cyphertexts: #!/usr/bin/php <?php include("Rc4.php"); $key1 = "A well regulated militia, being necessary to the security of a free state, the right of the people to keep and bear arms, shall not be infringed.";$key2 = "No soldier shall, in time of peace be quartered in any house, without the consent of the owner, nor in time of war, but in a manner to be prescribed by law."; printf("length of key1 %d\n",strlen($key1)); printf("length of key2 %d\n\n",strlen($key2)); $msg1 = "The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized."; $msg2 = $msg1; printf("length plaintext1 %d\n",strlen($msg1)); printf("length plaintext2 %d\n\n",strlen($msg2)); $a = new Crypt_RC4; $a->key($key1); $a->crypt($msg1); $b = new Crypt_RC4; $b->key($key2); $b->crypt($msg2); printf("length cyphertext1 %d\n",strlen($msg1)); printf("length cyphertext2 %d\n\n",strlen($msg2)); if ($msg1 == $msg2) { printf("WARNING!\n"); printf("cyphertext1 and cyphertext2 are the SAME although encyphered with DIFFERENT keys\n"); printf("key1: %s\n",$key1); printf("key2: %s\n",$key2); } else { printf("OK: cyphertext1 and cyphertext2 ARE different\n"); } ?> That program generates the following result: ::::::~/src/junk wds$ php -f fubar.php length of key1 145 length of key2 156 length plaintext1 332 length plaintext2 332 length cyphertext1 332 length cyphertext2 332 WARNING! cyphertext1 and cyphertext2 are the SAME although encyphered with DIFFERENT keys key1: A well regulated militia, being necessary to the security of a free state, the right of the people to keep and bear arms, shall not be infringed. key2: No soldier shall, in time of peace be quartered in any house, without the consent of the owner, nor in time of war, but in a manner to be prescribed by law. ::::::~/src/junk $ If you are considering using this implementation of alleged RC4, test it very carefully first. It's not what it represents itself to be.

The previous test didn't work for obvious reasons. ($a->crypt($msg1) doesn't change the content of variable $msg1). However, with the following modification, the key assignment does indeed work and the above test is successful when run on current CVS (php5-only) $a = new Crypt_RC4; $a->key($key1); $msg1 = $a->encrypt($msg1); $b = new Crypt_RC4; $b->key($key2); $msg2 = $b->encrypt($msg2);

This bug has been fixed in CVS. If this was a documentation problem, the fix will appear on pear.php.net by the end of next Sunday (CET). If this was a problem with the pear.php.net website, the change should be live shortly. Otherwise, the fix will appear in the package's next release. Thank you for the report and for helping us make PEAR better. One thing, though I'd like to add: If you encode the same string twice with the same instance, you'll get two different results. See bug #4177 to follow up.

There is, however, a related issue. For discussion of that, see bug #4177.