From 88bfce96d43b5c067ea8a0c6fed3f103320f534d Mon Sep 17 00:00:00 2001 From: ekerazha Date: Sat, 4 May 2013 21:15:24 +0300 Subject: [PATCH 1/2] Use AES-192 for encryption --- framework/helpers/base/SecurityHelper.php | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/framework/helpers/base/SecurityHelper.php b/framework/helpers/base/SecurityHelper.php index 6ba48ba..e2f2215 100644 --- a/framework/helpers/base/SecurityHelper.php +++ b/framework/helpers/base/SecurityHelper.php @@ -42,7 +42,8 @@ class SecurityHelper public static function encrypt($data, $key) { $module = static::openCryptModule(); - $key = StringHelper::substr($key, 0, mcrypt_enc_get_key_size($module)); + // 192-bit (24 bytes) key size + $key = StringHelper::substr($key, 0, 24); srand(); $iv = mcrypt_create_iv(mcrypt_enc_get_iv_size($module), MCRYPT_RAND); mcrypt_generic_init($module, $key, $iv); @@ -63,7 +64,8 @@ class SecurityHelper public static function decrypt($data, $key) { $module = static::openCryptModule(); - $key = StringHelper::substr($key, 0, mcrypt_enc_get_key_size($module)); + // 192-bit (24 bytes) key size + $key = StringHelper::substr($key, 0, 24); $ivSize = mcrypt_enc_get_iv_size($module); $iv = StringHelper::substr($data, 0, $ivSize); mcrypt_generic_init($module, $key, $iv); @@ -148,7 +150,8 @@ class SecurityHelper if (!extension_loaded('mcrypt')) { throw new InvalidConfigException('The mcrypt PHP extension is not installed.'); } - $module = @mcrypt_module_open('rijndael-256', '', MCRYPT_MODE_CBC, ''); + // AES uses a 128-bit block size + $module = @mcrypt_module_open('rijndael-128', '', MCRYPT_MODE_CBC, ''); if ($module === false) { throw new Exception('Failed to initialize the mcrypt module.'); } @@ -269,4 +272,4 @@ class SecurityHelper $salt .= str_replace('+', '.', substr(base64_encode($rand), 0, 22)); return $salt; } -} \ No newline at end of file +} From 14781584f9bacdff21ee03ec14dbb8c9bcf79e96 Mon Sep 17 00:00:00 2001 From: ekerazha Date: Sat, 4 May 2013 22:02:39 +0300 Subject: [PATCH 2/2] Use a string for the mode too The cipher is already specified as string --- framework/helpers/base/SecurityHelper.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/framework/helpers/base/SecurityHelper.php b/framework/helpers/base/SecurityHelper.php index e2f2215..ed5bfd6 100644 --- a/framework/helpers/base/SecurityHelper.php +++ b/framework/helpers/base/SecurityHelper.php @@ -151,7 +151,7 @@ class SecurityHelper throw new InvalidConfigException('The mcrypt PHP extension is not installed.'); } // AES uses a 128-bit block size - $module = @mcrypt_module_open('rijndael-128', '', MCRYPT_MODE_CBC, ''); + $module = @mcrypt_module_open('rijndael-128', '', 'cbc', ''); if ($module === false) { throw new Exception('Failed to initialize the mcrypt module.'); }