mcrypt warning on update to php 5.6.2; Key of size x not supported

后端 未结 1 936
谎友^
谎友^ 2021-01-18 22:43

We are getting the following warning after updating from PHP 5.5.18 to PHP 5.6.2:

mcrypt_decrypt(): Key of size 20 not supported by this algorithm. Only keys         


        
相关标签:
1条回答
  • 2021-01-18 23:30

    Before this change, keys of an invalid size were padded with \0 up to the next valid keysize, so presumably you should be able to do the same with your key by adding four null bytes \0\0\0\0 to the end.

    Now the caveat is that of course this is a weak key that will not provide the intended level of security, but it isn't going to be any worse than it already was, and you have other significant security issues with how you're encrypting as well, such as the use of ECB mode which is generally disastrous for security.

    So, when you do decide it's time to update, choosing a key of a valid size is only one of the changes that needs to be made, and you should probably be do this as soon as you feasibly can.

    0 讨论(0)
提交回复
热议问题