多年来,我一直在我的PHP应用程序中大量使用mcrypt,无论是在win / IIS还是在
linux上.虽然我在我的
linux服务器上运行
PHP 5.4.28,但我刚刚在Windows 8.1 IIS框中升级到PHP 5.6.11.并且mcrypt不再有效.它没有抛出我能看到的任何错误;它只是不起作用.这是我的加密功能:
function Encrypt($text){
global $salt;
if($text != "")
return trim(base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256,$salt,$text,MCRYPT_MODE_ECB,mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256,MCRYPT_MODE_ECB),MCRYPT_RAND))));
else
return "";
}
这在我的Linux服务器上工作正常,但在我的本地Windows框中返回空白.根据我的阅读,mcrypt内置于PHP 5.6 for windows中,因此不应该使用扩展或ini文件.
我错过了什么?
让我们一块一块地看看你的代码. (主要是化妆品/空白变化.)
function Encrypt($text)
{
global $salt; // Why not make this a second parameter?
if($text != "") { // An unusual check,for sure
return trim( // base64_encode doesn't leave whitespace
base64_encode(
mcrypt_encrypt(
MCRYPT_RIJNDAEL_256,// This is a non-standard variant of the
// Rijndael cipher. You want to use the
// MCRYPT_RIJNDAEL_128 constant if you
// wanted to use AES here.
$salt,// This is a key,not a salt!
$text,// ECB mode is the worst mode to use for
// cryptography. Among other reasons,it
// doesn't even use the IV. Search for
// ECB penguins for an idea of why ECB
// mode is such a bad idea.
mcrypt_create_iv(
mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256,MCRYPT_RAND // You're using ECB mode so this is a waste
// anyway,but you should use
// MCRYPT_DEV_URANDOM instead of MCRYPT_RAND
)
)
)
);
}
return "";
}
我强烈建议您不要使用此功能.这不安全. Don’t use ECB mode.
此外,unauthenticated encryption is dangerous和libmcrypt is abandonware.
