Einführung

Warnung

Dieses Feature wurde in PHP 7.1.0 als DEPRECATED (veraltet) markiert und in PHP 7.2.0 REMOVED (entfernt).

Alternativ können die folgenden Features verwendet werden:

Hinweis:

Diese Erweiterung wurde ins » PECL-Repositorium verschoben und ist nicht mehr Teil von PHP ab PHP 7.2.0.

Dies ist eine Schnittstelle zur mcrypt Bibliothek, welche eine breite Spanne von Block-Algorythmen wie DES, TripleDES, Blowfish(standard), 3-WAY, SAFER-SK64, SAFER-SK128, TWOFISH, TEA, RC2 und GOST in den Chiffriermodi CBC, CFB, CFB und ECB unterstützt. Darüber hinaus unterstützt es auch RC6 und IDEA, welche als "nicht frei" gelten. CFB/OFB sind standardmäßig 8bit.

add a note add a note

User Contributed Notes 3 notes

up
-29
info at neutrosolutions dot com
6 years ago
On AWS Amazon Linux if you are using php 7.0.X version
then please use this command to install mcrypt library.

[ec2-user@12.123.123.123 ~] sudo yum install php70-mcrypt
up
-32
enclaved
6 years ago
Avoiding mcrypt is only half of the advice. The other half: NEVER do crypto in PHP in the first place! It is a very sloppy and most likely insecure enterprise. If you think you need PHP-based crypto to do something, then be advised that this fact is an alarming signal that something about your application design is very wrong. PHP is neither the right tool nor the right environment for cryptography. Just remember this single rule of thumb: cryptographic secrets must never cross subsystem/layer boundaries:

    Database <-- ! --> CGI program <-- ! --> HTTP server

Cryptographic tasks are performed either by the HTTP server (e.g. authentication of users with client SSL certificates) or the RDBMS (e.g. password-based access to data), and these tasks must be ENCAPSULATED inside the facility, self-contained. For example, if you store KDF-derived digests of passwords in an SQL database, you must NOT compare digests in PHP, but only in SQL queries or stored procedures. Once produced and put into the database, a password digest (or any other sensitive data) must not exit it in any way as-is, be it a SELECT query or some other way, that is considered a leak in the cryptosystem. Use ONLY database-provided means to perform any crypto operations.

As PostgreSQL is the usual database of choice for technically advanced and sound WWW or intranet sites, my advice is to use its pgcrypto extension, it is mature, well-tested, and has all the right tools. Here's a textbook password handling example to illustrate how secrets can be confined within the database layer without extracting them into the PHP layer. Password digest derivation and storing:

    INSERT INTO account (digest) VALUES (crypt('password', gen_salt('bf'));

Verification:

    SELECT digest = crypt('password', gen_salt(digest)) FROM account;

Exceptionally simple, elegant, clean, and secure (Blowfish is more than enough for user-set passwords), isn't it? And the best part about it: no PHP involved in crypto!
up
-32
c dot light93 at gmail dot com
8 years ago
if you get a "The mcrypt extension is missing" alert somewhere, use
"sudo php5enmod mcrypt" and restart your server to enable it.
To Top