[php-maint] Bug#613815: php5: Using openssl_encrypt with an algorithm that doesn't need an IV produces a spurious warning

Chris Butler chrisb at debian.org
Thu Feb 17 13:21:47 UTC 2011


Sorry, meant to include an example:

    openssl_encrypt('cleartext', 'AES-256-ECB', 'key', true);
 
 => PHP Warning:  openssl_encrypt(): Using an empty Initialization Vector (iv) is potentially insecure and not recommended 


ECB ciphers do not require an IV: EVP_CIPHER_iv_length returns 0.

-- 
Chris Butler <chrisb at debian.org>
  GnuPG Key ID: 4096R/49E3ACD3





More information about the pkg-php-maint mailing list