ID: 43143 Updated by: [EMAIL PROTECTED] Reported By: dylan at wedefy dot com -Status: Assigned +Status: Closed Bug Type: mcrypt related Operating System: Windows XP PHP Version: 5.2.4 Assigned To: derick New Comment:
This bug has been fixed in CVS. Snapshots of the sources are packaged every three hours; this change will be in the next snapshot. You can grab the snapshot at http://snaps.php.net/. Thank you for the report, and for helping us make PHP better. Previous Comments: ------------------------------------------------------------------------ [2007-11-12 10:05:06] [EMAIL PROTECTED] Assigned to the maintainer. ------------------------------------------------------------------------ [2007-10-30 14:21:58] dylan at wedefy dot com Description: ------------ This warning makes sense for the other block cipher modes, but when using MCRYPT_MODE_ECB the initialization vector is not used at all, so it is misleading to recommend using one. In fact there should be a notice/warning when an IV is supplied with mode MCRYPT_MODE_ECB to alert that the IV is ignored. Reproduce code: --------------- <?php $input = 'to be encrypted'; $mkey = hash('sha256', 'secret key', TRUE); $data = mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $mkey, $input, MCRYPT_MODE_ECB); ?> Expected result: ---------------- no warning Actual result: -------------- PHP Warning: mcrypt_encrypt(): Attempt to use an empty IV, which is NOT recommend ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=43143&edit=1
