Subject: PROTIP: If you're going to encrypt...
Summary: Package rating comment
Scott Arciszewski rated this package as follows:
Consistency: Not sure
Examples: Not sure
Scott Arciszewski - 2015-12-12 06:36:27
PROTIP: If you're going to encrypt with MCRYPT_RIJNDAEL_256 (a non-AES variant of Rijndael) using MCRYPT_MODE_ECB (which is the most insecure mode you could choose), you don't need to waste cycles generating an IV. ECB mode doesn't use one.
- Chosen-ciphertext attacks
- It uses ECB mode, which is a vulnerability in and of itself
- It uses trim(), which means if you try to encrypt raw binary data with this library, it will corrupt it during decryption
According to the other thread http://www.phpclasses.org/discuss/package/4925/thread/1/
"This is a good class and useful for security in data transmission between client and server"
No, this is not a good class and it is NOT useful for security.
Also, don't use rand() to generate an encryption key. Ever. That's a worse decision than, say, using this PHP class in production.
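The three problems named in the comment above (ECB mode, trim() on decrypted data, and weak key generation), shown next to an authenticated alternative. This is an added example, not part of the original comment and not the rated package's code. It assumes PHP 7.2+ with ext/openssl and ext/sodium, uses AES-128-ECB as a stand-in for the mcrypt Rijndael-256 call, and all function names are hypothetical.

```php
<?php
// Added example, not the rated package's code. AES-128-ECB via ext/openssl stands
// in for mcrypt (assumption); function names are hypothetical. Needs ext/sodium.

function weakEncrypt(string $plain, string $key): string
{
    // mcrypt-style zero padding: fill the last 16-byte block with NUL bytes.
    $padded = str_pad($plain, (int) (ceil(max(strlen($plain), 1) / 16) * 16), "\0");
    return openssl_encrypt($padded, 'aes-128-ecb', $key, OPENSSL_RAW_DATA | OPENSSL_ZERO_PADDING);
}

function weakDecrypt(string $cipher, string $key): string
{
    $padded = openssl_decrypt($cipher, 'aes-128-ecb', $key, OPENSSL_RAW_DATA | OPENSSL_ZERO_PADDING);
    return trim($padded); // removes the padding, and any real NUL/whitespace edge bytes
}

function safeEncrypt(string $plain, string $key): string
{
    $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES); // fresh CSPRNG nonce per message
    return $nonce . sodium_crypto_secretbox($plain, $nonce, $key);
}

function safeDecrypt(string $message, string $key): string
{
    $nonce = substr($message, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $plain = sodium_crypto_secretbox_open(substr($message, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES), $nonce, $key);
    if ($plain === false) {
        throw new RuntimeException('ciphertext failed authentication');
    }
    return $plain;
}

$ecbKey = random_bytes(16);                 // key from the CSPRNG, never rand()
$boxKey = sodium_crypto_secretbox_keygen();
$binary = "\x09\xde\xad\xbe\xef\x00\x00";   // constructed sample: binary with edge bytes trim() eats

// ECB: two identical plaintext blocks encrypt to two identical ciphertext blocks.
[$b0, $b1] = str_split(weakEncrypt(str_repeat('A', 32), $ecbKey), 16);
echo 'ECB repeats blocks: ', var_export($b0 === $b1, true), "\n";

// trim(): the round trip no longer returns the original bytes.
echo 'trim() round trip intact: ', var_export(weakDecrypt(weakEncrypt($binary, $ecbKey), $ecbKey) === $binary, true), "\n";

// Authenticated encryption: exact round trip, and a flipped bit is rejected.
$msg = safeEncrypt($binary, $boxKey);
echo 'secretbox round trip intact: ', var_export(safeDecrypt($msg, $boxKey) === $binary, true), "\n";
$msg[strlen($msg) - 1] = chr(ord($msg[strlen($msg) - 1]) ^ 1);
try { safeDecrypt($msg, $boxKey); } catch (RuntimeException $e) { echo 'tampering rejected: ', $e->getMessage(), "\n"; }
```

The secretbox construction authenticates the ciphertext before decrypting, which is what closes the chosen-ciphertext exposure that unauthenticated ECB leaves open.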