search

Bit-Wasp / bitcoin-lib-php

PHP libraries implementing bitcoin key functions, as well as BIP32 and electrum.
The Unlicense
136 stars 86 forks source link

Function mcrypt_create_iv() is deprecated #117

Closed Milad-Afdasta closed 6 years ago

Milad-Afdasta commented 6 years ago

The following function needs to be updated: BitcoinLib::get_random()

In PHP 7.2 mcrypt was deprecated, as a result we need to substitute mcrytp functions, with openssl.

The original code:

mcrypt_create_iv(32, \MCRYPT_DEV_URANDOM);

The requested change:

return openssl_random_pseudo_bytes(32);

As a safe guard it might be worthwhile to add an exception:

$crypto_strong = \OPENSSL_DEV_URANDOM; $value = openssl_random_pseudo_bytes(32,$crypto_strong); if(!$crypto_strong) throw new \Exception('"Algorithm used to generate random value is NOT cryptographically strong"); return $value;

In addition to this class, mcrypt functions are used throughout this repo, that would need replacing.

afk11 commented 6 years ago

This whole library is deprecated.. The warning at the top recommends using bitwasp/bitcoin which comes from https://github.com/bit-wasp/bitcoin-php