 

mcrypt doesn't work in PHP 5.6 on windows/IIS

I have been making heavy use of mcrypt in my php app for years, both on win/IIS and on linux. Although I'm running PHP 5.4.28 on my linux server, I just upgraded to PHP 5.6.11 on my windows 8.1 IIS box. And mcrypt no longer works. It doesn't throw any errors that I can see; it just doesn't work. Here is my encryption function:

function Encrypt($text){ 
    global $salt;
    if($text != "")
        return trim(base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $salt, $text, MCRYPT_MODE_ECB, mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB), MCRYPT_RAND))));  
    else
        return "";
}   

This works fine on my linux server, but returns blank on my local windows box. From what I have read, mcrypt is built into php 5.6 for windows, so there should be no fiddling with extensions or ini file.

What am I missing?

HerrimanCoder asked Sep 08 '15 01:09




3 Answers

Let's look at your code piece by piece. (With mostly cosmetic/whitespace changes.)

function Encrypt($text)
{
    global $salt; // Why not make this a second parameter?
    if($text != "") { // An unusual check, for sure
        return trim( // base64_encode doesn't leave whitespace
            base64_encode(
                mcrypt_encrypt(
                    MCRYPT_RIJNDAEL_256, // This is a non-standard variant of the
                                         // Rijndael cipher. You want to use the
                                         // MCRYPT_RIJNDAEL_128 constant if you
                                         // wanted to use AES here.
                    $salt, // This is a key, not a salt!
                    $text,
                    MCRYPT_MODE_ECB, // ECB mode is the worst mode to use for
                                     // cryptography. Among other reasons, it
                                     // doesn't even use the IV. Search for 
                                     // ECB penguins for an idea of why ECB
                                     // mode is such a bad idea.
                    mcrypt_create_iv(
                        mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB),
                        MCRYPT_RAND // You're using ECB mode so this is a waste
                                    // anyway, but you should use
                                    // MCRYPT_DEV_URANDOM instead of MCRYPT_RAND
                    )
                )
            )
        );  
    }
    return "";
}

I would strongly recommend that you don't use this function for anything. It's not secure. Don't use ECB mode.

Furthermore, unauthenticated encryption is dangerous and libmcrypt is abandonware.

Scott Arciszewski answered Oct 19 '22 23:10


PHP 5.6 has stronger encryption requirements than 5.4. In 5.6 you'll get this warning, which is really an error because it actually causes encryptions and decryptions to fail:

Warning: mcrypt_encrypt(): Key of size xx not supported by this algorithm. Only keys of sizes 16, 24 or 32 supported.

...where "xx" is the length of your salt value. So the salt value has to be exactly 16, 24, or 32 characters in length.

HerrimanCoder answered Oct 20 '22 01:10
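
As an added example (not code from any poster in this thread), here is one way to replace the ECB function discussed in the first answer with authenticated encryption, while also making the key-length failure from the second answer loud instead of silent. It assumes PHP 7.1 or later with the openssl extension and a key of 32 random bytes rather than a password; `requireKey`, `sealMessage` and `openMessage` are hypothetical names.

```php
<?php
// Added example (PHP >= 7.1, ext/openssl); function names are hypothetical.
const CIPHER = 'aes-256-gcm';
const NONCE_LEN = 12; // 96-bit nonce, the usual size for GCM
const TAG_LEN = 16;

function requireKey(string $key): void
{
    // openssl_encrypt() silently pads or truncates a wrong-length key,
    // so reject it here instead of encrypting under a weakened key.
    if (strlen($key) !== 32) {
        throw new InvalidArgumentException('Key must be 32 bytes, got ' . strlen($key));
    }
}

function sealMessage(string $plaintext, string $key): string
{
    requireKey($key);
    $nonce = random_bytes(NONCE_LEN); // fresh CSPRNG nonce per message
    $ct = openssl_encrypt($plaintext, CIPHER, $key, OPENSSL_RAW_DATA, $nonce, $tag, '', TAG_LEN);
    if ($ct === false) {
        throw new RuntimeException('Encryption failed'); // never return "" silently
    }
    return base64_encode($nonce . $tag . $ct);
}

function openMessage(string $encoded, string $key): string
{
    requireKey($key);
    $raw = base64_decode($encoded, true);
    if ($raw === false || strlen($raw) < NONCE_LEN + TAG_LEN) {
        throw new InvalidArgumentException('Malformed ciphertext');
    }
    $nonce = substr($raw, 0, NONCE_LEN);
    $tag = substr($raw, NONCE_LEN, TAG_LEN);
    $pt = openssl_decrypt((string) substr($raw, NONCE_LEN + TAG_LEN), CIPHER, $key, OPENSSL_RAW_DATA, $nonce, $tag);
    if ($pt === false) {
        throw new RuntimeException('Authentication failed'); // wrong key or tampered data
    }
    return $pt;
}

// Constructed sample input: round-trip, then flip one bit and expect rejection.
$key = random_bytes(32);
$box = sealMessage('account=1234', $key);
var_dump(openMessage($box, $key) === 'account=1234');
$raw = base64_decode($box);
$raw[-1] = chr(ord($raw[-1]) ^ 1);
try { openMessage(base64_encode($raw), $key); } catch (RuntimeException $e) { echo $e->getMessage(), "\n"; }
```

The output format (nonce, tag, ciphertext) is not compatible with data written by the mcrypt function, so existing records have to be decrypted with the old code and re-encrypted.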


I don't have an answer, but this is rather long for a comment.

It doesn't throw any errors that I can see

Have you tested your configuration to verify that you can see errors when they occur?

but returns blank on my local windows box

If it's returning then it's not causing a fatal error. Hence the mcrypt functions are defined. Have you checked that the constants are defined? Have you checked that the version of libmcrypt matches the PHP extension requirement?

Have you checked that the inputs to the mcrypt_*() functions look sensible?

return trim(base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $salt, $text, MCRYPT_MODE_ECB, mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB), MCRYPT_RAND))));  

Even if the above worked, it's a horrible bit of code. The reason for writing code and using high level languages is not so your computer can understand them but so human beings can understand the code:

// Same calls as the one-liner above, one step per line
$iv = mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB), MCRYPT_RAND);
$encrypted = mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $salt, $text, MCRYPT_MODE_ECB, $iv);
$encoded = base64_encode($encrypted);
return $encoded;

(laying your code out like this also makes it simpler to inject checks, breakpoints and other debugging measures).

symcbean answered Oct 19 '22 23:10