Doc Bug #64041 Example shows unsafe use of encryption
Submitted: 2013-01-21 20:48 UTC Modified: 2013-06-07 20:04 UTC
From: pawel dot krawczyk at hush dot com Assigned:
Status: Duplicate Package: Documentation problem
PHP Version: Irrelevant OS: n/a
Private report: No CVE-ID: None
 [2013-01-21 20:48 UTC] pawel dot krawczyk at hush dot com
Description:
------------
---
From manual page: http://www.php.net/function.mcrypt-encrypt#refsect1-function.mcrypt-encrypt-examples
---

The mcrypt_encrypt() example shows simple encryption using ECB mode and with no 
message integrity validation. This is then being copied by people in production 
applications, creating vulnerabilities. It would help a lot if the example also 
added HMAC calculation for the message. Its validation should be added to 
mcrypt_decrypt() function.

http://php.net/manual/en/function.hash-hmac.php
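
An added example of the pattern the report asks for (not code from the PHP manual or from the reporter): encrypt-then-MAC, with the HMAC verified before any decryption. It assumes ext/openssl with AES-256-CBC in place of mcrypt and ECB; the function names, keys and message are hypothetical.

```php
<?php
// Added example: encrypt-then-MAC using ext/openssl (mcrypt left PHP core in 7.2).
const CIPHER = 'aes-256-cbc';  // CBC with a random IV instead of ECB
const MAC_LEN = 32;            // raw HMAC-SHA256 output, in bytes

function encrypt_then_mac(string $plaintext, string $encKey, string $macKey): string
{
    $iv = random_bytes(openssl_cipher_iv_length(CIPHER));
    $ct = openssl_encrypt($plaintext, CIPHER, $encKey, OPENSSL_RAW_DATA, $iv);
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    // The MAC covers IV and ciphertext, so neither can change undetected.
    return hash_hmac('sha256', $iv . $ct, $macKey, true) . $iv . $ct;
}

function verify_then_decrypt(string $message, string $encKey, string $macKey): string
{
    $ivLen = openssl_cipher_iv_length(CIPHER);
    if (strlen($message) < MAC_LEN + $ivLen + 16) { // at least one cipher block
        throw new RuntimeException('message too short');
    }
    $mac = substr($message, 0, MAC_LEN);
    $iv  = substr($message, MAC_LEN, $ivLen);
    $ct  = substr($message, MAC_LEN + $ivLen);
    // Check the tag before decrypting; hash_equals() compares in constant time.
    if (!hash_equals(hash_hmac('sha256', $iv . $ct, $macKey, true), $mac)) {
        throw new RuntimeException('authentication failed');
    }
    $pt = openssl_decrypt($ct, CIPHER, $encKey, OPENSSL_RAW_DATA, $iv);
    if ($pt === false) {
        throw new RuntimeException('decryption failed');
    }
    return $pt;
}

// Constructed sample: independent random keys and a made-up message.
$encKey = random_bytes(32);
$macKey = random_bytes(32);
$sealed = encrypt_then_mac('account=42;role=user', $encKey, $macKey);
var_dump(verify_then_decrypt($sealed, $encKey, $macKey) === 'account=42;role=user');

// Flip one bit of the ciphertext: verification must reject it.
$last = strlen($sealed) - 1;
$sealed[$last] = chr(ord($sealed[$last]) ^ 1);
try {
    verify_then_decrypt($sealed, $encKey, $macKey);
} catch (RuntimeException $e) {
    echo $e->getMessage(), "\n";
}
```

Separate keys are used for encryption and for the MAC so that a weakness in one primitive does not expose the other.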

 [2013-06-07 20:04 UTC] nikic@php.net
-Status: Open +Status: Duplicate
 [2013-06-07 20:04 UTC] nikic@php.net
Has been fixed, see duplicate bug: https://bugs.php.net/bug.php?id=62453
Last updated: Sun Apr 28 20:01:29 2024 UTC