|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #52989 the mcrypt_encrypt and mcrypt_decrypt functions are not accurate working.
Submitted: 2010-10-05 06:24 UTC Modified: 2010-10-13 12:44 UTC
From: info at wtovn dot com Assigned:
Status: Not a bug Package: *Encryption and hash functions
PHP Version: 5.3SVN-2010-10-05 (snap) OS: WIN32
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.
Bug Type:
From: info at wtovn dot com
New email:
PHP Version: OS:


 [2010-10-05 06:24 UTC] info at wtovn dot com
the mcrypt_encrypt and mcrypt_decrypt functions are not accurate working. 
please see script below.

Test script:
    $data = "Cộng hòa xã hội chủ nghĩa việt nam, độc lập tự do hạnh phúc";   
    $iv_size = mcrypt_get_iv_size(MCRYPT_3DES, MCRYPT_MODE_ECB);   
    $iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);   
    $key = "01";
    $crypttext = mcrypt_encrypt(MCRYPT_3DES, $key, $data, MCRYPT_MODE_ECB, $iv);   
    $key = "10";   
    $decrypt = mcrypt_decrypt (MCRYPT_3DES, $key , $crypttext , MCRYPT_MODE_ECB, $iv) ;  

then result are :

    $data = $decrypt ????


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2010-10-13 04:01 UTC] uramihsayibok at gmail dot com
Not a bug. It's due to the nature of DES.

The least significant bit of each byte in the key is NOT USED, and the only difference between the characters '0' and '1' is that least significant bit. You can see the same behavior swapping 'B' and 'C', 'P' and 'Q', and 'x' and 'y' (to give some examples). Generically, any even-numbered ASCII character can be swapped with its n+1 neighbor, and vice versa.

Separately: ECB mode does not use IVs so $iv is pointless.
 [2010-10-13 12:44 UTC]
-Status: Open +Status: Bogus
 [2010-10-13 12:44 UTC]
Thank you for taking the time to write to us, but this is not
a bug. Please double-check the documentation available at and the instructions on how to report
a bug at

Thanks for the explanation uramihsayibok; I did not know this.
PHP Copyright © 2001-2019 The PHP Group
All rights reserved.
Last updated: Tue Nov 19 07:01:33 2019 UTC