01-06-2015, 10:35 AM
Lame I was hoping this would be 16 but it's 32:
So the key is the MD5 of the username and password (the key is in hex).
I'm just going to guess the IV is random since it is prepended to the encrypted password... but they are dumb enough to think that MD5, a 128 bit hash, is the proper size for a 32 byte (256 bits) key.
If you want to, the "change password/create password" function is where you would find the IV creation. Which let's hope is something like "$iv = substr(md5($password), 0, 16)"
Code:
echo mcrypt_get_key_size('twofish', 'cfb');So the key is the MD5 of the username and password (the key is in hex).
I'm just going to guess the IV is random since it is prepended to the encrypted password... but they are dumb enough to think that MD5, a 128 bit hash, is the proper size for a 32 byte (256 bits) key.
If you want to, the "change password/create password" function is where you would find the IV creation. Which let's hope is something like "$iv = substr(md5($password), 0, 16)"