Doc Bug #78608 Security error in documentation
Submitted: 2019-09-29 07:41 UTC Modified: 2019-10-02 17:09 UTC
Avg. Score:4.5 ± 0.5
Reproduced:2 of 2 (100.0%)
Same Version:2 (100.0%)
Same OS:2 (100.0%)
From: gcleaves at gmail dot com Assigned:
Status: Open Package: *Encryption and hash functions
PHP Version: Irrelevant OS: n/a
Private report: No CVE-ID: None

 [2019-09-29 07:41 UTC] gcleaves at gmail dot com
From manual page:
Please note that at the time of writing this, there is an important and naive security vulnerability in "Example #2 AES Authenticated Encryption example for PHP 5.6+".

You MUST include the IV when calculating the HMAC. Otherwise, somebody could alter the IV during transport, thereby changing the decrypted message while maintaining HMAC integrity. An absolute disaster.

To fix the example, the HMAC should be calculated like this:

$hmac = hash_hmac('sha256', $iv.$ciphertext_raw, $key, $as_binary=true);

And to confirm the HMAC later:

$calcmac = hash_hmac('sha256', $iv.$ciphertext_raw, $key, $as_binary=true);
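
Added example, not part of the original report or the PHP manual: a self-contained check that a message whose IV was modified in transit is accepted when the HMAC covers only the ciphertext, and rejected when it covers `$iv.$ciphertext_raw` as proposed above. The function names, the AES-128-CBC cipher, the IV + HMAC + ciphertext layout and the sample plaintext are assumptions of this example.

```php
<?php
// Encrypt-then-MAC with AES-128-CBC (cipher and message layout are assumptions).
// $coverIv = false: HMAC over the ciphertext only (the flaw reported here).
// $coverIv = true:  HMAC over IV . ciphertext (the fix proposed in the report).
// One $key is used for both steps, as in the report's hash_hmac() lines.

function seal_message(string $plaintext, string $key, bool $coverIv): string
{
    $iv  = random_bytes(openssl_cipher_iv_length('aes-128-cbc'));
    $ct  = openssl_encrypt($plaintext, 'aes-128-cbc', $key, OPENSSL_RAW_DATA, $iv);
    $mac = hash_hmac('sha256', $coverIv ? $iv . $ct : $ct, $key, true);
    return $iv . $mac . $ct;
}

// Returns the plaintext, or false when the message fails authentication.
function open_message(string $message, string $key, bool $coverIv)
{
    $ivLen = openssl_cipher_iv_length('aes-128-cbc');
    if (strlen($message) < $ivLen + 32) {
        return false;                       // too short to hold IV + SHA-256 tag
    }
    $iv   = substr($message, 0, $ivLen);
    $mac  = substr($message, $ivLen, 32);
    $ct   = substr($message, $ivLen + 32);
    $calc = hash_hmac('sha256', $coverIv ? $iv . $ct : $ct, $key, true);
    if (!hash_equals($mac, $calc)) {        // constant-time comparison
        return false;
    }
    return openssl_decrypt($ct, 'aes-128-cbc', $key, OPENSSL_RAW_DATA, $iv);
}

$key = random_bytes(16);
foreach ([false, true] as $coverIv) {
    $msg = seal_message('amount=100;to=alice', $key, $coverIv); // constructed sample
    // Simulate corruption of the IV in transit: flip one bit of its first byte.
    $msg[0] = $msg[0] ^ "\x01";
    $out = open_message($msg, $key, $coverIv);
    printf(
        "IV covered by HMAC: %-3s -> %s\n",
        $coverIv ? 'yes' : 'no',
        $out === false ? 'rejected' : 'accepted, plaintext differs from original: ' . $out
    );
}
```

In CBC mode the IV is XORed into the first plaintext block on decryption, so a changed IV changes that block without touching the ciphertext; only a tag that also covers the IV lets the receiver detect it.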


 [2019-10-02 17:00 UTC] henry dot paradiz at gmail dot com
Just to confirm: you do understand that HMAC is no longer supported by PHP; therefore, we must use CBC with message|key. In addition, because we are now using the CBC standard, we no longer need to worry about the IV. MD5 and SHA-1 are really what did it out with HMAC, highly crackable, highly incorrect. You can use the following line of code as a replacement:


if( 1==1 ) {

$password = 'plainText';

$cbc = hash_cbc('sha256', $password);

echo $cbc.$password; 

} else {

// do HMAC (in an older PHP version like 5.3)

 [2019-10-02 17:09 UTC]
> Just to confirm: you do understand that HMAC is no longer supported by PHP;
Uh, what?
Last updated: Fri Mar 31 04:03:39 2023 UTC