On Wed, Nov 30, 2011 at 10:18 PM, Adam Richardson <simpleshot@xxxxxxxxx> wrote:
> On Wed, Nov 30, 2011 at 4:14 PM, Matijn Woudt <tijnema@xxxxxxxxx> wrote:
>
>> On Wed, Nov 30, 2011 at 9:57 PM, Rick Dwyer <rpdwyer@xxxxxxxxxxxxx> wrote:
>> > Hello all.
>> >
>> > I am using the following function to encrypt a string:
>> >
>> > define('SALT', 'myvalueforsalthere');
>> >
>> > function encrypt($text)
>> > {
>> > return trim(base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, SALT,
>> > $text, MCRYPT_MODE_ECB,
>> > mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256,
>> MCRYPT_MODE_ECB),
>> > MCRYPT_RAND))));
>> > }
>> >
>>
>> Can you post your decrypt function too?
>>
>> You create a random IV here, don't you need that IV to decrypt too?
>>
>>
> You're normally right, Matijn,
>
> However, ECB mode doesn't use an IV, so even though he's generating an IV,
> it's not being used (and, the benefit of an IV is one of the main reasons
> you try to avoid ECB.)
>
> Adam
Ah, I see, you're right. I thought he was using CBC (which I would recommend).
That also means that example #1 is wrong at mcrypt_encrypt help page[1].
Matijn
[1] http://php.net/manual/en/function.mcrypt-encrypt.php#example-884
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
