Use openssl_encrypt to replace Mcrypt for 3DES-ECB encryption

前端 未结 1 1870
别那么骄傲
别那么骄傲 2020-11-29 12:58

I have an encryption method with mycrypt and the cipher is 3des, mode ecb:

mcrypt_module_open ( MCRYPT_3DES, \'\', \'ecb\', \'\' )
         


        
相关标签:
1条回答
  • 2020-11-29 13:35

    now I want to encrypt it use openssl_encrypt, and I did not find des3-ecb in openssl_get_cipher_methods() list.

    It's des-ede3. Symmetric encryption with a block cipher needs some kind of mode of operation. If you look through the list, you will see something like des-ede3, des-ede3-cbc, des-ede3-cfb and des-ede3-ofb. CBC, CFB and OFB are all named and the unnamed cipher must be the only other common mode of operation: ECB.


    Never use ECB mode. It's deterministic and therefore not semantically secure. You should at the very least use a randomized mode like CBC or CTR. It is better to authenticate your ciphertexts so that attacks like a padding oracle attack are not possible. This can be done with authenticated modes like GCM or EAX, or with an encrypt-then-MAC scheme.

    Don't use Triple DES nowadays. It only provides at best 112 bit of security even if you use the largest key size of 192 bit. If a shorter key size is used, then it only provides 56 or 57 bits of security. AES would be faster (processors have a special AES-NI instruction set) and even more secure with the lowest key size of 128 bit. There is also a practical limit on the maximum ciphertext size with 3DES. See Security comparison of 3DES and AES.

    0 讨论(0)
提交回复
热议问题