
mcrypt warning on update to php 5.6.2; Key of size x not supported

We are getting the following warning after updating from PHP 5.5.18 to PHP 5.6.2:

mcrypt_decrypt(): Key of size 20 not supported by this algorithm. Only keys of sizes 16, 24 or 32 supported

The encryption algorithm appeared to work fine before this:

$decrypttext = mcrypt_decrypt(
  MCRYPT_RIJNDAEL_256,
  $this->keys[$key_label],
  $crypttext,
  MCRYPT_MODE_ECB,
  $iv
);

It would be a major pain to have to re-encrypt everything. Is there something I can pad the key with so that it works the same way as before?

Presumably there aren't any security vulnerabilities here.

Arth asked Mar 09 '15 15:03


1 Answer

Before this change, keys of an invalid size were padded with \0 up to the next valid keysize, so presumably you should be able to do the same with your key by adding four null bytes \0\0\0\0 to the end.

Now the caveat is that of course this is a weak key that will not provide the intended level of security, but it isn't going to be any worse than it already was, and you have other significant security issues with how you're encrypting as well, such as the use of ECB mode which is generally disastrous for security.

So, when you do decide it's time to update, choosing a key of a valid size is only one of the changes that needs to be made, and you should probably do this as soon as you feasibly can.

Xander answered Nov 18 '22 00:11
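The key padding described in the answer, followed by a one-time re-encryption step, as an added example that is not part of the original posts. The function names are hypothetical, AES-256-GCM is this example's choice of replacement scheme, and `reencrypt()` assumes PHP 7.1 (the last release line that still bundles mcrypt and the first with GCM support in `openssl_encrypt`).

```php
<?php
// Added example, not code from the question or the answer.

// Reproduce the pre-5.6 behaviour described in the answer: NUL-pad the key
// up to the next size named in the warning (16, 24 or 32 bytes).
// A 20-byte key becomes 24 bytes: the original 20 plus "\0\0\0\0".
function legacy_pad_key($key)
{
    $len = strlen($key);
    if ($len === 0) {
        throw new InvalidArgumentException('Empty key');
    }
    foreach ([16, 24, 32] as $size) {
        if ($len <= $size) {
            return str_pad($key, $size, "\0");
        }
    }
    // Choice made for this example: refuse oversized keys instead of truncating.
    throw new InvalidArgumentException("Key of $len bytes is longer than 32");
}

// Decrypt an existing record with the same cipher and mode as the question,
// using the padded key. ECB takes no IV, so none is passed.
function legacy_decrypt($crypttext, $legacyKey)
{
    // mcrypt zero-pads the final block, so the result may end in NUL bytes.
    return mcrypt_decrypt(
        MCRYPT_RIJNDAEL_256,
        legacy_pad_key($legacyKey),
        $crypttext,
        MCRYPT_MODE_ECB
    );
}

// Re-encrypt under a new random 32-byte key (e.g. from random_bytes(32)).
// Output layout is an assumption of this example: nonce (12) || tag (16) || ciphertext.
function reencrypt($plaintext, $newKey)
{
    if (strlen($newKey) !== 32) {
        throw new InvalidArgumentException('New key must be exactly 32 bytes');
    }
    $nonce = random_bytes(12); // must never repeat under the same key
    $ct = openssl_encrypt($plaintext, 'aes-256-gcm', $newKey, OPENSSL_RAW_DATA, $nonce, $tag);
    if ($ct === false) {
        throw new RuntimeException('Encryption failed');
    }
    return $nonce . $tag . $ct;
}
```

`legacy_pad_key()` and `legacy_decrypt()` also run on PHP 5.6, so the padding fix can be deployed first and the re-encryption scheduled separately.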