On Wed, Nov 30, 2011 at 4:14 PM, Matijn Woudt <tijnema@xxxxxxxxx> wrote:
> On Wed, Nov 30, 2011 at 9:57 PM, Rick Dwyer <rpdwyer@xxxxxxxxxxxxx> wrote:
> > Hello all.
> >
> > I am using the following function to encrypt a string:
> >
> > define('SALT', 'myvalueforsalthere');
> >
> > function encrypt($text)
> > {
> > return trim(base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, SALT,
> > $text, MCRYPT_MODE_ECB,
> > mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256,
> MCRYPT_MODE_ECB),
> > MCRYPT_RAND))));
> > }
> >
>
> Can you post your decrypt function too?
>
> You create a random IV here, don't you need that IV to decrypt too?
>
>
You're normally right, Matijn,
However, ECB mode doesn't use an IV, so even though he's generating an IV,
it's not being used (and, the benefit of an IV is one of the main reasons
you try to avoid ECB.)
Adam
--
Nephtali: A simple, flexible, fast, and security-focused PHP framework
http://nephtaliproject.com
