StackOverflow2013

Note that there are some explanatory texts on larger screens.

plurals

POUse of Initialization Vector in openssl_encrypt
text
Body
copied!<p>I had a look at <a href="https://stackoverflow.com/questions/1391132/two-way-encryption-in-php">this</a> question, and wanted to do it for myself. When I ran this code (taken straight from <a href="https://stackoverflow.com/a/6639179/962144">this answer</a>):</p> <pre><code>$textToEncrypt = "My super secret information."; $encryptionMethod = "AES-256-CBC"; // AES is used by the U.S. gov't to encrypt top secret documents. $secretHash = "25c6c7ff35b9979b151f2136cd13b0ff"; //To encrypt $encryptedMessage = openssl_encrypt($textToEncrypt, $encryptionMethod, $secretHash, '1234567812345678'); //To Decrypt $decryptedMessage = openssl_decrypt($encryptedMessage, $encryptionMethod, $secretHash); //Result echo "Encrypted: $encryptedMessage <br>Decrypted: $decryptedMessage"; </code></pre> <p>However I get the warning</p> <pre><code>openssl_encrypt(): Using an empty Initialization Vector (iv) is potentially insecure and not recommended </code></pre> <p>So I went and had a look at the <a href="http://www.php.net/manual/en/function.openssl-encrypt.php" rel="noreferrer">docs</a>, but there 'is no documentation'. I found this <a href="http://www.php.net/manual/en/function.openssl-encrypt.php#99188" rel="noreferrer">comment</a>, but still no mention of what the Initialization Vector should be and how I should use it. Can anyone enlighten me?</p> <p>I know I could have done some more Googleing, but Stackoverflow comes up first in so many search results I thought this question might be useful to anyone else who was having this problem.</p>

Querying!

Guidance

An individual column

Larger individual text columns get their own page to allow for proper reading.

SQuiL has stopped working due to an internal error.

If you are curious you may find further information in the browser console, which is accessible through the devtools (F12).

Reload