php-openssl-cryptor icon indicating copy to clipboard operation
php-openssl-cryptor copied to clipboard

Published 20 hours ago verified publisher icon ioncube

$iv should not be const/static

Open gajosadrian opened this issue 2 years ago • 0 comments

According to the documentation, $iv (A non-null initialization vector) in openssl_encrypt as well in openssl_decrypt should be random in every environment. However, currently, it is static for the PHP package. For AES-256-CTR it should be 16 bytes.

https://github.com/ioncube/php-openssl-cryptor/blob/f62397b536e910f5c17e187f897a8255ae915dcd/src/Cryptor.php#L61

gajosadrian avatar Feb 24 '23 18:02 gajosadrian