php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #67286 Warning: mcrypt_encrypt(): Only keys of size 24 supported
Submitted: 2014-05-15 14:49 UTC Modified: 2014-05-15 21:13 UTC
Votes:18
Avg. Score:4.2 ± 1.1
Reproduced:14 of 14 (100.0%)
Same Version:11 (78.6%)
Same OS:10 (71.4%)
From: mengxiangbaidu at qq dot com Assigned:
Status: Wont fix Package: mcrypt related
PHP Version: 5.6.0beta2 OS: windows
Private report: No CVE-ID: None
 [2014-05-15 14:49 UTC] mengxiangbaidu at qq dot com
Description:
------------
php version <= 5.5.12

string(6) "zxcvbn"

Warning: mcrypt_encrypt(): Key of size 32 not supported by this algorithm.  in /test.php on line 9

Warning: mcrypt_decrypt(): Key of size 32 not supported by this algorithm.  in /test.php on line 17
string(0) "zxcvbn"


php version >= 5.6

string(6) "zxcvbn"

Warning: mcrypt_encrypt(): Key of size 32 not supported by this algorithm. Only keys of size 24 supported in /test.php on line 9

Warning: mcrypt_decrypt(): Key of size 32 not supported by this algorithm. Only keys of size 24 supported in /test.php on line 17
string(0) ""

================

I know this warning is good thing 。  If you are upgrading php 5.5 to 5.6 ,   the php program does not work 。This maybe a serious problem。




Test script:
---------------
<?php
function encrypt($data, $key) {

    $block = mcrypt_get_block_size(MCRYPT_TRIPLEDES, MCRYPT_MODE_ECB);
    $pad = $block - (strlen($data) % $block);
    $data .= str_repeat(chr($pad), $pad);

    $iv = mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_TRIPLEDES, MCRYPT_MODE_ECB), MCRYPT_RAND);
    $encrypted = mcrypt_encrypt(MCRYPT_TRIPLEDES, $key, $data, MCRYPT_MODE_ECB, $iv);

    return $encrypted;
}

function decrypt($data, $key) {

    $iv = mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_TRIPLEDES, MCRYPT_MODE_ECB), MCRYPT_RAND);
    $data = mcrypt_decrypt(MCRYPT_TRIPLEDES, $key, $data, MCRYPT_MODE_ECB, $iv);

    $block = mcrypt_get_block_size(MCRYPT_TRIPLEDES, MCRYPT_MODE_ECB);
    $pad = ord($data[($len = strlen($data)) - 1]);
    $decrypted = substr($data, 0, strlen($data) - $pad);

    return rtrim($decrypted);
}
$key = md5('asdfgh');
$original_data = 'zxcvbn';
var_dump($original_data);
$data = encrypt($original_data, $key);
$data = base64_encode($data);
$data = base64_decode($data);
$data = decrypt($data, $key);
var_dump($data);

Expected result:
----------------
string(6) "zxcvbn"

Warning: mcrypt_encrypt(): Key of size 32 not supported by this algorithm. Only keys of size 24 supported in /test.php on line 9

Warning: mcrypt_decrypt(): Key of size 32 not supported by this algorithm. Only keys of size 24 supported in /test.php on line 17
string(0) "zxcvbn"

Actual result:
--------------
string(6) "zxcvbn"

Warning: mcrypt_encrypt(): Key of size 32 not supported by this algorithm. Only keys of size 24 supported in /test.php on line 9

Warning: mcrypt_decrypt(): Key of size 32 not supported by this algorithm. Only keys of size 24 supported in /test.php on line 17
string(0) ""



Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2014-05-15 16:37 UTC] levim@php.net
Bug 67287 is a duplicate of this one.
 [2014-05-15 21:13 UTC] nikic@php.net
-Status: Open +Status: Wont fix
 [2014-05-15 21:13 UTC] nikic@php.net
The warning was added to prevent usage of encryption primitives with malformed key data. It's there to catch code like the one you have provided, where use of incorrect keys compromises the security of the entire encryption. It won't be going away.

Btw, just so it has been said, the key you are using has several issues:

 * You are using hex output of md5, instead of binary output. Effectively this means that you're loosing half of the entropy.
 * You are using md5 as a KDF - unless you already pass strong keying material to it, this is by no means safe - if you need to start off weak keying material, the use of PBKDF2 or similar is required.
 * I assume that you are not actually passing a 6 character string to md5, but if you do, that's way too short. E.g. a random base64 string with 6 characters only has 36 bits of entropy.

Furthermore you're using the insecure ECB block chaining mode.
 [2014-09-23 22:51 UTC] dharkness at gmail dot com
@nikic

I don't know if you noticed (it took a couple of readings for me to spot it), but this bug isn't about the warning message. The problem is that it produces a different and incorrect result.

* with 5.5 you get the warning (ok) and the correct decrypted message (good)
* with 5.6 you get the warning (ok) but the *incorrect* decrypted message (bad)

Insecure code should cause a warning but still work correctly where possible.
 [2014-10-15 18:36 UTC] gm dot outside+php at gmail dot com
I agree, something fishy is going on with that code.  I recently filed another bug report (bug #68238), it looks like the source of the bug is the same.  However, @nikic was quick enough there to close it as "not a bug", but truth to be told all applications which rely on the mcrypt extension are broken with PHP 5.6+ now. :(
 [2016-05-18 08:31 UTC] wcode404 at gmail dot com
This bug is still relevant. In my project, encryption is used to communicate with external applications and i can not change the encryption key is in them.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Sat Dec 21 12:01:31 2024 UTC