PHP 7.1.2 Released


add a note add a note

User Contributed Notes 6 notes

5 years ago
These are two simple functions I built for 256-bit encryption/decryption with mcrypt.  I've decided to use MCRYPT_RIJNDAEL_128 because it's AES-compliant, and MCRYPT_MODE_CBC.  (ECB mode is inadequate for many purposes because it does not use an IV.)

This function stores a hash of the data to verify that the data was decrypted successfully, but this could be easily removed if necessary.

function encrypt($decrypted, $password, $salt='!kQm*fF3pXe1Kbm%9') {
// Build a 256-bit $key which is a SHA256 hash of $salt and $password.
$key = hash('SHA256', $salt . $password, true);
// Build $iv and $iv_base64.  We use a block size of 128 bits (AES compliant) and CBC mode.  (Note: ECB mode is inadequate as IV is not used.)
srand(); $iv = mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC), MCRYPT_RAND);
if (
strlen($iv_base64 = rtrim(base64_encode($iv), '=')) != 22) return false;
// Encrypt $decrypted and an MD5 of $decrypted using $key.  MD5 is fine to use here because it's just to verify successful decryption.
$encrypted = base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $key, $decrypted . md5($decrypted), MCRYPT_MODE_CBC, $iv));
// We're done!
return $iv_base64 . $encrypted;

decrypt($encrypted, $password, $salt='!kQm*fF3pXe1Kbm%9') {
// Build a 256-bit $key which is a SHA256 hash of $salt and $password.
$key = hash('SHA256', $salt . $password, true);
// Retrieve $iv which is the first 22 characters plus ==, base64_decoded.
$iv = base64_decode(substr($encrypted, 0, 22) . '==');
// Remove $iv from $encrypted.
$encrypted = substr($encrypted, 22);
// Decrypt the data.  rtrim won't corrupt the data because the last 32 characters are the md5 hash; thus any \0 character has to be padding.
$decrypted = rtrim(mcrypt_decrypt(MCRYPT_RIJNDAEL_128, $key, base64_decode($encrypted), MCRYPT_MODE_CBC, $iv), "\0\4");
// Retrieve $hash which is the last 32 characters of $decrypted.
$hash = substr($decrypted, -32);
// Remove the last 32 characters from $decrypted.
$decrypted = substr($decrypted, 0, -32);
// Integrity check.  If this fails, either the data is corrupted, or the password/salt was incorrect.
if (md5($decrypted) != $hash) return false;
// Yay!
return $decrypted;
Maarten Malaise
6 years ago
people using phpmyadmin are redirected to this manual if they don't have mcrypt installed. If you want to install mcrypt on debian, first check your php version:

yourserver# php --version

Then install the appropriate version of mcrypt (php5-mcrypt if your php version is 5.x)

yourserver# apt-get install php4-mcrypt
yourserver# apt-get install php5-mcrypt
ghoffman at salientdigital dot com
6 years ago
If you want a quick way to see what ciphers, modes, key, block and iv sizes are supported on your server, try something like the following.

Note: I used this simple bash: `locate libmcrypt` from terminal on Mac OS X to determine the install paths to the algorithms and modes directories. Lots of function calls generate warnings for certain ciphers, hence the use of error suppression.


= mcrypt_list_modes();
$algorithms = mcrypt_list_algorithms();
$algorithms as $cipher)
"<h1 style=\"border-top:1px solid black;\">".$cipher."</h1>\n";
$modes as $mode)
$td = mcrypt_module_open(
$key_size = mcrypt_enc_get_key_size($td);
$block_size = mcrypt_get_block_size($cipher,$mode);
$iv_size = mcrypt_get_iv_size($cipher, $mode);
            key_size: "
. ($key_size?$key_size:'n/a')
"    block_size: ". ($block_size?$block_size:'n/a')
"    iv_size: ". ($iv_size?$iv_size:'n/a')
"  </pre>\n";

Daniel Esteve
1 month ago
The Mcrypt library has been declared DEPRECATED since PHP 7.1, to use in its OpenSSL
info at nepda dot eu
30 days ago
All mcrypt functions are deprecated as of PHP 7.1!

In all function docs you will find this: "Warning: This function has been DEPRECATED as of PHP 7.1.0. Relying on this function is highly discouraged."
simonhf at gmail dot com
1 year ago
Note that there are severe performance problems with PHP mcrypt on many CentOS versions. Please see this CentOS bug:
To Top