News Feed
Sections




News Archive
Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

LeaseWebLabs.com:
Lessons learned implementing AES in PHP using Mcrypt
February 28, 2014 @ 09:37:45

The LeaseWebLabs.com site has a new post talking about some of their difficulties (and lessons learned) when implementing AES in PHP with mcrypt for a recent project.

The Advanced Encryption Standard (AES) is the successor of triple DES. When you need a standardized, secure, high performance symmetric cipher it seems like a good choice. Wi-Fi network traffic is encrypted with AES for instance. Also when you want to securely store data in a database or on disk you could choose AES. Many SSDs store data internally using AES encryption. PHP supports AES through "mcrypt". On Debian based systems (like Ubuntu and Mint) you can install it using "sudo apt-get install php5-mcrypt".

With no direct support for AES in mcrypt, they decided on Rijndael-128 instead and include some code examples of getting its key and block size. They also include an example of the dynamic typing PHP does when converting a string to an integer and the "key padding" PHP automatically does if the key length it too short. A few other problems they discovered during implementation are mentioned as well including null padding on strings and PHP's ignoring of a wrong size initialization vector (no padding, just an error).

0 comments voice your opinion now!
leaseweblabs mcrypt implement aes rijndael

Link: http://www.leaseweblabs.com/2014/02/aes-php-mcrypt-key-padding/

blog comments powered by Disqus

Similar Posts

Timothy Boronczyk's Blog: Evil Access (a Database Class)

Jeremy Brown's Blog: 3 Tenets for Implementing a REST API

Rob Allen: Setting up PHP & MySQL on OS X Yosemite

Derick Rethans' Blog: Namespaces in PHP

Pádraic Brady: Predicting Random Numbers In PHP - Itís Easier Than You Think!


Community Events





Don't see your event here?
Let us know!


interview symfony podcast release artisanfiles library voicesoftheelephpant conference language tool version opinion framework security series laravel introduction list community composer

All content copyright, 2014 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework