PHP Classes

PROTIP: If you're going to encrypt with MCRYPT_RIJNDAEL_256 (...

Subject: PROTIP: If you're going to encrypt...
Summary: Package rating comment
Messages: 1
Author: Scott Arciszewski
Date: 2015-12-12 06:36:27
 

Scott Arciszewski rated this package as follows:

Utility: Bad
Consistency: Not sure
Examples: Not sure

1. PROTIP: If you're going to encrypt...
Scott Arciszewski - 2015-12-12 06:36:27
PROTIP: If you're going to encrypt with MCRYPT_RIJNDAEL_256 (a non-AES variant of Rijndael) using MCRYPT_MODE_ECB (which is the most insecure mode you could choose), you don't need to waste cycles generating an IV. ECB mode doesn't use one.

Also:

- Chosen-ciphertext attacks
- It uses ECB mode, which is a vulnerability in and of itself
- It uses trim(), which means if you try to encrypt raw binary data with this library, it will corrupt it during decryption

According to the other thread http://www.phpclasses.org/discuss/package/4925/thread/1/

"This is a good class and useful for security in data transmission between client and server"

No, this is not a good class and it is NOT useful for security.

Also, don't use rand() to generate an encryption key. Ever. That's a worse decision than, say, using this PHP class in production.
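
The points raised in the comment above, as an added example that is not part of the original post or of the reviewed package: it shows ECB exposing repeated blocks, trim() altering binary data, and an authenticated alternative keyed from the CSPRNG that rejects a modified ciphertext. It assumes PHP 7.1 or later with the openssl extension; AES-256-ECB stands in for the mcrypt Rijndael-256/ECB call named in the post, and `seal_message()` / `open_message()` are hypothetical helper names.

```php
<?php
// Added illustration, not code from the reviewed package or the post. Assumes
// PHP >= 7.1 with ext-openssl; AES-256-ECB stands in for mcrypt Rijndael-256/ECB.
$key = random_bytes(32);  // key from the CSPRNG, never rand()

// ECB: two identical plaintext blocks (constructed sample) encrypt to
// two identical ciphertext blocks, so repeated data stays visible.
$ecb    = openssl_encrypt(str_repeat('A', 32), 'aes-256-ecb', $key, OPENSSL_RAW_DATA);
$blocks = str_split($ecb, 16);
echo 'ECB blocks equal: ', var_export($blocks[0] === $blocks[1], true), "\n";

// trim() on decrypted output strips trailing NUL/whitespace bytes that
// belong to binary data (constructed sample).
$binary = "\x01\x02\x03\x00\x00";
echo 'trim() preserved data: ', var_export(trim($binary) === $binary, true), "\n";

// Hypothetical helpers: AES-256-GCM, layout nonce(12) || tag(16) || ciphertext.
function seal_message(string $msg, string $key): string
{
    $nonce = random_bytes(12);
    $ct = openssl_encrypt($msg, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $nonce, $tag);
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    return $nonce . $tag . $ct;
}

function open_message(string $box, string $key): string
{
    if (strlen($box) < 28) {
        throw new RuntimeException('message too short');
    }
    $pt = openssl_decrypt(substr($box, 28), 'aes-256-gcm', $key,
        OPENSSL_RAW_DATA, substr($box, 0, 12), substr($box, 12, 16));
    if ($pt === false) {
        throw new RuntimeException('authentication failed');
    }
    return $pt;  // returned as-is: no trim(), no padding guesswork
}

$box = seal_message($binary, $key);
echo 'GCM round trip intact: ', var_export(open_message($box, $key) === $binary, true), "\n";
// Flip one bit of the ciphertext: the tag check fails and nothing is decrypted.
$box[strlen($box) - 1] = $box[strlen($box) - 1] ^ "\x01";
try {
    open_message($box, $key);
} catch (RuntimeException $e) {
    echo 'Tampered message: ', $e->getMessage(), "\n";
}
```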