0

I'm using code.google.com/p/go.crypto/twofish and I want to decrypt password, which I get from database. The password was encrypt by PHP and it's encoded by base64. In Go, I decode by base64, convert to []byte and I tried decrypt it, but something was going right. My return is empty. It's my code:

func TwofishDecrypt(key, text []byte) ([]byte, error) {
    block, err := twofish.NewCipher(key)
    if err != nil {
        return nil, err
    }

    if len(text) < twofish.BlockSize {
        return nil, errors.New("ciphertext too short")
    }

    iv := text[:twofish.BlockSize]
    text = text[twofish.BlockSize:]
    cfb := cipher.NewCFBDecrypter(block, iv)
     cfb.XORKeyStream(text, text)
     data, err := base64.StdEncoding.DecodeString(string(text))
     if err != nil {
        return nil, err
    }

    return data, nil
}
Mixcels
  • 889
  • 1
  • 11
  • 23
JakubKubera
  • 426
  • 1
  • 3
  • 19
  • 4
    don't you need to decode the base64 BEFORE you decrypt? that's usually how it's done. encrypt -> base64 encode -> store -> base64 decode -> decrypt – Not_a_Golfer Nov 24 '14 at 15:20
  • a general word of advice: passwords should never be stored (even if encrypted), you should only store a (salted) hash of the password. The "industry standard" password hashing function is bcrypt (http://en.wikipedia.org/wiki/Bcrypt), maybe you should look into that. How to do this in Go is described here: http://stackoverflow.com/questions/23259586/how-to-make-the-same-hashed-string-as-node-js-bcrypt-with-golang or here http://stackoverflow.com/questions/18545676/golang-app-engine-securely-hashing-a-users-password – rob74 Nov 25 '14 at 10:24
  • Are you checking the err returned from that function? The value is nil if there was an error. Can you show the PHP code used to encrypt? The iv shouldn't be the text, it should be some separate value, depending on the encryption code (as far as I can tell). – kristianp Nov 28 '14 at 01:49

0 Answers0