[php-maint] Bug#613815: php5: Using openssl_encrypt with an algorithm that doesn't need an IV produces a spurious warning

Chris Butler chrisb at debian.org
Thu Feb 17 13:21:47 UTC 2011

Sorry, meant to include an example:

    openssl_encrypt('cleartext', 'AES-256-ECB', 'key', true);
 => PHP Warning:  openssl_encrypt(): Using an empty Initialization Vector (iv) is potentially insecure and not recommended 

ECB ciphers do not require an IV: EVP_CIPHER_iv_length returns 0.

Chris Butler <chrisb at debian.org>
  GnuPG Key ID: 4096R/49E3ACD3

More information about the pkg-php-maint mailing list