|
|
php.net | support | documentation | report a bug | advanced search | search howto | statistics | random bug | login |
PatchesPull RequestsHistoryAllCommentsChangesGit/SVN commits
[2007-11-12 10:05 UTC] tony2001@php.net
[2007-12-01 17:20 UTC] derick@php.net
|
|||||||||||||||||||||||||||||||||||||
Copyright © 2001-2024 The PHP GroupAll rights reserved. |
Last updated: Sun Dec 22 04:01:29 2024 UTC |
Description: ------------ This warning makes sense for the other block cipher modes, but when using MCRYPT_MODE_ECB the initialization vector is not used at all, so it is misleading to recommend using one. In fact there should be a notice/warning when an IV is supplied with mode MCRYPT_MODE_ECB to alert that the IV is ignored. Reproduce code: --------------- <?php $input = 'to be encrypted'; $mkey = hash('sha256', 'secret key', TRUE); $data = mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $mkey, $input, MCRYPT_MODE_ECB); ?> Expected result: ---------------- no warning Actual result: -------------- PHP Warning: mcrypt_encrypt(): Attempt to use an empty IV, which is NOT recommend