Open binarious opened 11 years ago
I believe this is addressed by #18. It is switched to CBC mode and is using a sha256 hash on the "secret key" as the encryption key. Thus makes use of MCRYPT_RIJNDAEL_128 and uses a 256-bit key.
This is not AES and the ECB is not considered secure. You should use CBC mode and MCRYPT_RIJNDAEL_128 using 256-bit key, as suggested by @westinpigott.
Moreover, you cannot have only encryption, you need also authentication for security reason (for instance, using HMAC SHA-256). See this slides for more information: http://www.zimuel.it/slides/midwestphp2016/encryption
You can see how I implemented it in this project: https://github.com/ezimuel/phpcrypto/blob/master/src/Symmetric.php
Finally, the MCrypt extension is going to be deprecated from PHP 7.1, I suggest to use OpenSSL instead.
I'm having problems with this part:
MCRYPT_RIJNDAEL_256 is not AES (http://stackoverflow.com/questions/4537099/problem-with-aes-256-between-java-and-php/4539318#4539318).
MCRYPT_MODE_ECB doesn't use an IV (http://stackoverflow.com/questions/1789709/is-it-possible-to-use-aes-with-an-iv-in-ecb-mode). So why are you setting one?