Mar 18 2008
mcrypt_decrypt does not remove trailing padding
It took me 2 solid hours to figure out why two visually identical strings would produce totally different checksums.
After examining the byte output of mcrypt_decrypt, I found there are tons of trailing nulls behind the decrypted string. The reason why I could not visually differentiate between a string with trailing nulls ($A) and the one without ($B) is that the echo command and string concatenation commands seem to discard the nulls altogether.
However, byte-level comparisons such as $A === $B and strcmp($A, $B) report the two strings as different because they treat trailing nulls as valid data. To remove the trailing nulls caused by cryptographic padding, we simply trim them: rtrim($A, "\0"), such that rtrim($A, "\0") == $B.
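The following is an added example, not code from the original post. It reproduces the trailing-null behaviour and shows where the rtrim fix stops being safe. It assumes PHP 7 or later with the OpenSSL extension; because mcrypt was removed in PHP 7.2, the zero padding is applied by hand, and the helper names and sample strings are constructed for illustration.

```php
<?php
// Added example: mcrypt-style zero padding is simulated by hand (assumption).
const BLOCK = 16; // AES block size in bytes

// Fill the last block with NUL bytes, as described for mcrypt above.
function zero_pad(string $s): string {
    $len = intdiv(strlen($s) + BLOCK - 1, BLOCK) * BLOCK;
    return str_pad($s, $len, "\0");
}

// PKCS#7: always append N bytes of value N (1..BLOCK), so the
// original length can be recovered without guessing.
function pkcs7_pad(string $s): string {
    $n = BLOCK - (strlen($s) % BLOCK);
    return $s . str_repeat(chr($n), $n);
}

function pkcs7_unpad(string $s): string {
    $len = strlen($s);
    if ($len === 0 || $len % BLOCK !== 0) {
        throw new InvalidArgumentException('bad length');
    }
    $n = ord($s[$len - 1]);
    if ($n < 1 || $n > BLOCK || substr($s, -$n) !== str_repeat(chr($n), $n)) {
        throw new InvalidArgumentException('bad padding');
    }
    return substr($s, 0, $len - $n);
}

// AES-128-CBC round trip with OpenSSL's own padding switched off,
// so the caller's padding comes back untouched after decryption.
function roundtrip(string $padded): string {
    $key = random_bytes(16);
    $iv  = random_bytes(16);
    $opt = OPENSSL_RAW_DATA | OPENSSL_ZERO_PADDING;
    $ct  = openssl_encrypt($padded, 'aes-128-cbc', $key, $opt, $iv);
    return openssl_decrypt($ct, 'aes-128-cbc', $key, $opt, $iv);
}

$B = 'checksum me';                    // constructed sample text
$A = roundtrip(zero_pad($B));
var_dump(bin2hex($A));                 // hex makes the trailing 00 bytes visible
var_dump($A === $B);                   // strict comparison sees the padding
var_dump(rtrim($A, "\0") === $B);      // the fix from the post

// Constructed binary value that legitimately ends in NUL bytes:
// rtrim cannot tell those bytes from padding, PKCS#7 can.
$bin = "\x01\x02\x00\x00";
var_dump(rtrim(roundtrip(zero_pad($bin)), "\0") === $bin);
var_dump(pkcs7_unpad(roundtrip(pkcs7_pad($bin))) === $bin);
```

CBC without a MAC is used here only to show the padding behaviour; in real code, authenticate the ciphertext before decrypting and unpadding.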