add a note

User Contributed Notes 8 notes

zelnaga at gmail dot com
4 years ago
If you're wanting to use mcrypt on a newer version of PHP where it's been deprecated try the shim for it instead:
nishanth at sintheetaa dot in
6 years ago
Issue Solved when installing php7.2-mcrypt

I was also facing the same issue. Check this link to get the right solution for installing it in PHP
Kyle T
6 years ago
This was posted before by another user but has been downvoted. I just wanted to confirm that we suffered massive performance issues related to mcrypt on CentOS (PHP 5.6.32) that are not present in other flavors of Linux.

A sampling of 25,000 encrypts/decrypts takes 4-5x longer when running mcrypt on Centos 7 as compared to Ubuntu. Switching out mcrypt for OpenSSL on Centos will result in a massive increase in performance.

For lower traffic website it can be negligible, but when you start seeing significant traffic/load it will quickly bring down a server.
Maarten Malaise
14 years ago
people using phpmyadmin are redirected to this manual if they don't have mcrypt installed. If you want to install mcrypt on debian, first check your php version:

yourserver# php --version

Then install the appropriate version of mcrypt (php5-mcrypt if your php version is 5.x)

yourserver# apt-get install php4-mcrypt
yourserver# apt-get install php5-mcrypt
simonhf at gmail dot com
8 years ago
Note that there are severe performance problems with PHP mcrypt on many CentOS versions. Please see this CentOS bug:
ghoffman at salientdigital dot com
13 years ago
If you want a quick way to see what ciphers, modes, key, block and iv sizes are supported on your server, try something like the following.

Note: I used this simple bash: `locate libmcrypt` from terminal on Mac OS X to determine the install paths to the algorithms and modes directories. Lots of function calls generate warnings for certain ciphers, hence the use of error suppression.


= mcrypt_list_modes();
$algorithms = mcrypt_list_algorithms();
$algorithms as $cipher)
"<h1 style=\"border-top:1px solid black;\">".$cipher."</h1>\n";
$modes as $mode)
$td = mcrypt_module_open(
$key_size = mcrypt_enc_get_key_size($td);
$block_size = mcrypt_get_block_size($cipher,$mode);
$iv_size = mcrypt_get_iv_size($cipher, $mode);
key_size: "
. ($key_size?$key_size:'n/a')
" block_size: ". ($block_size?$block_size:'n/a')
" iv_size: ". ($iv_size?$iv_size:'n/a')
" </pre>\n";

12 years ago
These are two simple functions I built for 256-bit encryption/decryption with mcrypt. I've decided to use MCRYPT_RIJNDAEL_128 because it's AES-compliant, and MCRYPT_MODE_CBC. (ECB mode is inadequate for many purposes because it does not use an IV.)

This function stores a hash of the data to verify that the data was decrypted successfully, but this could be easily removed if necessary.

function encrypt($decrypted, $password, $salt='!kQm*fF3pXe1Kbm%9') {
// Build a 256-bit $key which is a SHA256 hash of $salt and $password.
$key = hash('SHA256', $salt . $password, true);
// Build $iv and $iv_base64. We use a block size of 128 bits (AES compliant) and CBC mode. (Note: ECB mode is inadequate as IV is not used.)
srand(); $iv = mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC), MCRYPT_RAND);
if (
strlen($iv_base64 = rtrim(base64_encode($iv), '=')) != 22) return false;
// Encrypt $decrypted and an MD5 of $decrypted using $key. MD5 is fine to use here because it's just to verify successful decryption.
$encrypted = base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $key, $decrypted . md5($decrypted), MCRYPT_MODE_CBC, $iv));
// We're done!
return $iv_base64 . $encrypted;

decrypt($encrypted, $password, $salt='!kQm*fF3pXe1Kbm%9') {
// Build a 256-bit $key which is a SHA256 hash of $salt and $password.
$key = hash('SHA256', $salt . $password, true);
// Retrieve $iv which is the first 22 characters plus ==, base64_decoded.
$iv = base64_decode(substr($encrypted, 0, 22) . '==');
// Remove $iv from $encrypted.
$encrypted = substr($encrypted, 22);
// Decrypt the data. rtrim won't corrupt the data because the last 32 characters are the md5 hash; thus any \0 character has to be padding.
$decrypted = rtrim(mcrypt_decrypt(MCRYPT_RIJNDAEL_128, $key, base64_decode($encrypted), MCRYPT_MODE_CBC, $iv), "\0\4");
// Retrieve $hash which is the last 32 characters of $decrypted.
$hash = substr($decrypted, -32);
// Remove the last 32 characters from $decrypted.
$decrypted = substr($decrypted, 0, -32);
// Integrity check. If this fails, either the data is corrupted, or the password/salt was incorrect.
if (md5($decrypted) != $hash) return false;
// Yay!
return $decrypted;
Daniel Esteve
7 years ago
The Mcrypt library has been declared DEPRECATED since PHP 7.1, to use in its OpenSSL
To Top