[php-maint] Bug#613815: php5: Using openssl_encrypt with an algorithm that doesn't need an IV produces a spurious warning
Chris Butler
chrisb at debian.org
Thu Feb 17 13:21:47 UTC 2011
Sorry, meant to include an example:
openssl_encrypt('cleartext', 'AES-256-ECB', 'key', true);
=> PHP Warning: openssl_encrypt(): Using an empty Initialization Vector (iv) is potentially insecure and not recommended
ECB ciphers do not require an IV: EVP_CIPHER_iv_length returns 0.
--
Chris Butler <chrisb at debian.org>
GnuPG Key ID: 4096R/49E3ACD3
More information about the pkg-php-maint
mailing list