fancy_duck6
Reputation: 167
mcrypt_create_iv returns undefined variable
My encryption/iv code doesn't work. Whenever I test the login I get this error
Warning: openssl_encrypt(): Using an empty Initialization Vector (iv) is potentially insecure and not recommended in /Users/luke/Sites/user.php on line 174
I have tracked it down to this line
$size = mcrypt_get_iv_size(MCRYPT_CAST_256, MCRYPT_MODE_CFB);
$iv = mcrypt_create_iv($size, MCRYPT_DEV_URANDOM);
$method = "aes-128-cbc";
$passWord = mcrypt_create_iv($size, MCRYPT_DEV_URANDOM);
$verificationNumber = openssl_encrypt($passWord, $method, $iv);
Mcrypt is installed fine as shown by this.
Can you help or do i possibly need to provide more code?
Upvotes: 2
Views: 339
Answers (1)
zaph
Reputation: 112855
You are getting the iv size for "CAST": MCRYPT_CAST_256 but you are encryption with "aes-128-cbc". That is an algorithm mis-match.
The CAST block size is 64-bits, the AES block size if 128-bits. Instead use MCRYPT_RIJNDAEL_128, AES is a subset of Rijndael with a block of 128-bits.
Upvotes: 1
Related Questions
- Sagepay/Opayo PHP 7.4 integration without mcrypt
- "Notice: Undefined variable", "Notice: Undefined index", "Warning: Undefined array key", and "Notice: Undefined offset" using PHP
- Decrypting using Go a string encrypted in php using MCRYPT_RIJNDAEL_256
- How to fix openssl_encrypt(): Using an empty Initialization Vector (iv) is potentially insecure and not recommended in laravel?
- php openssl_encrypt returns 2648 bytes
- How to change Java AES ‐ CBC with PKCS5 Padding to PHP
- Can't decrypt using pgcrypto from AES-256-CBC but AES-128-CBC is OK
- How to replicate MySQL's aes-256-cbc in PHP
- Mcrypt for rijndael-128 : how do I set the Initialization Vector?