mcrypt更新到php 5.6.2的警告；不支持大小为x的密钥 [英] mcrypt warning on update to php 5.6.2; Key of size x not supported

问题描述

从PHP 5.5.18更新到PHP 5.6.2后，我们得到以下警告:

We are getting the following warning after updating from PHP 5.5.18 to PHP 5.6.2:

mcrypt_decrypt(): Key of size 20 not supported by this algorithm. Only keys of sizes 16, 24 or 32 supported

在此之前，加密算法似乎运行良好:

The encryption algorithm appeared to work fine before this:

$decrypttext = mcrypt_decrypt(
  MCRYPT_RIJNDAEL_256,
  $this->keys[$key_label],
  $crypttext,
  MCRYPT_MODE_ECB,
  $iv
);

必须重新加密所有内容，这会是一个很大的痛苦，我可以用什么东西来填充密钥，以便它与以前一样工作吗?

It would be a major pain to have to re-encrypt everything, is there something I can pad the key with so that it works the same way as before?

大概这里没有任何安全漏洞.

Presumably there aren't any security vulnerabilities here.

推荐答案

在进行此更改之前，使用\0填充无效大小的密钥，直到下一个有效密钥大小，因此大概可以对您的密钥，方法是在末尾添加四个空字节\0\0\0\0.

Before this change, keys of an invalid size were padded with \0 up to the next valid keysize, so presumably you should be able to do the same with your key by adding four null bytes \0\0\0\0 to the end.

现在需要警告的是，这当然是一个弱密钥，不会提供预期的安全级别，但是它不会比已经存在的情况更糟，并且在如何处理方面还存在其他重大的安全问题.还进行了加密，例如使用ECB模式，这对于安全性来说通常是灾难性的.

Now the caveat is that of course this is a weak key that will not provide the intended level of security, but it isn't going to be any worse than it already was, and you have other significant security issues with how you're encrypting as well, such as the use of ECB mode which is generally disastrous for security.

因此，当您确定要更新时，选择有效大小的密钥只是需要进行的更改之一，您可能应该尽快进行更改您可以做到.

So, when you do decide it's time to update, choosing a key of a valid size is only one of the changes that needs to be made, and you should probably be do this as soon as you feasibly can.

这篇关于mcrypt更新到php 5.6.2的警告；不支持大小为x的密钥的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！