ConFoo 2025

Mcrypt

add a note

User Contributed Notes 7 notes

up
8
zelnaga at gmail dot com
5 years ago
If you're wanting to use mcrypt on a newer version of PHP where it's been deprecated try the shim for it instead:

https://github.com/phpseclib/mcrypt_compat
up
4
nishanth at sintheetaa dot in
6 years ago
Issue Solved when installing php7.2-mcrypt

I was also facing the same issue. Check this link https://stackoverflow.com/q/48275494/7713811 to get the right solution for installing it in PHP
up
1
Maarten Malaise
14 years ago
people using phpmyadmin are redirected to this manual if they don't have mcrypt installed. If you want to install mcrypt on debian, first check your php version:

yourserver# php --version

Then install the appropriate version of mcrypt (php5-mcrypt if your php version is 5.x)

yourserver# apt-get install php4-mcrypt
...or...
yourserver# apt-get install php5-mcrypt
up
0
Kyle T
7 years ago
This was posted before by another user but has been downvoted. I just wanted to confirm that we suffered massive performance issues related to mcrypt on CentOS (PHP 5.6.32) that are not present in other flavors of Linux.

A sampling of 25,000 encrypts/decrypts takes 4-5x longer when running mcrypt on Centos 7 as compared to Ubuntu. Switching out mcrypt for OpenSSL on Centos will result in a massive increase in performance.

For lower traffic website it can be negligible, but when you start seeing significant traffic/load it will quickly bring down a server.
up
0
simonhf at gmail dot com
9 years ago
Note that there are severe performance problems with PHP mcrypt on many CentOS versions. Please see this CentOS bug:
http://bugs.centos.org/view.php?id=8954
up
0
ghoffman at salientdigital dot com
14 years ago
If you want a quick way to see what ciphers, modes, key, block and iv sizes are supported on your server, try something like the following.

Note: I used this simple bash: `locate libmcrypt` from terminal on Mac OS X to determine the install paths to the algorithms and modes directories. Lots of function calls generate warnings for certain ciphers, hence the use of error suppression.

<?php

$modes
= mcrypt_list_modes();
$algorithms = mcrypt_list_algorithms();
foreach(
$algorithms as $cipher)
{
echo
"<h1 style=\"border-top:1px solid black;\">".$cipher."</h1>\n";
foreach(
$modes as $mode)
{
echo
"<h3>".$mode."</h3>\n";
@
$td = mcrypt_module_open(
$cipher,
'/usr/local/libmcrypt-2.5.8/modules/algorithms/',
$mode,
'/usr/local/libmcrypt-2.5.8/modules/modes/');
@
$key_size = mcrypt_enc_get_key_size($td);
@
$block_size = mcrypt_get_block_size($cipher,$mode);
@
$iv_size = mcrypt_get_iv_size($cipher, $mode);
@
mcrypt_module_close($td);
echo
"
<pre>
key_size: "
. ($key_size?$key_size:'n/a')
.
" block_size: ". ($block_size?$block_size:'n/a')
.
" iv_size: ". ($iv_size?$iv_size:'n/a')
.
" </pre>\n";
$td=NULL;
$key_size=NULL;
$block_size=NULL;
$iv_size=NULL;
}
}

?>
up
-2
Anonymous
12 years ago
These are two simple functions I built for 256-bit encryption/decryption with mcrypt. I've decided to use MCRYPT_RIJNDAEL_128 because it's AES-compliant, and MCRYPT_MODE_CBC. (ECB mode is inadequate for many purposes because it does not use an IV.)

This function stores a hash of the data to verify that the data was decrypted successfully, but this could be easily removed if necessary.

<?php
function encrypt($decrypted, $password, $salt='!kQm*fF3pXe1Kbm%9') {
// Build a 256-bit $key which is a SHA256 hash of $salt and $password.
$key = hash('SHA256', $salt . $password, true);
// Build $iv and $iv_base64. We use a block size of 128 bits (AES compliant) and CBC mode. (Note: ECB mode is inadequate as IV is not used.)
srand(); $iv = mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC), MCRYPT_RAND);
if (
strlen($iv_base64 = rtrim(base64_encode($iv), '=')) != 22) return false;
// Encrypt $decrypted and an MD5 of $decrypted using $key. MD5 is fine to use here because it's just to verify successful decryption.
$encrypted = base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $key, $decrypted . md5($decrypted), MCRYPT_MODE_CBC, $iv));
// We're done!
return $iv_base64 . $encrypted;
}

function
decrypt($encrypted, $password, $salt='!kQm*fF3pXe1Kbm%9') {
// Build a 256-bit $key which is a SHA256 hash of $salt and $password.
$key = hash('SHA256', $salt . $password, true);
// Retrieve $iv which is the first 22 characters plus ==, base64_decoded.
$iv = base64_decode(substr($encrypted, 0, 22) . '==');
// Remove $iv from $encrypted.
$encrypted = substr($encrypted, 22);
// Decrypt the data. rtrim won't corrupt the data because the last 32 characters are the md5 hash; thus any \0 character has to be padding.
$decrypted = rtrim(mcrypt_decrypt(MCRYPT_RIJNDAEL_128, $key, base64_decode($encrypted), MCRYPT_MODE_CBC, $iv), "\0\4");
// Retrieve $hash which is the last 32 characters of $decrypted.
$hash = substr($decrypted, -32);
// Remove the last 32 characters from $decrypted.
$decrypted = substr($decrypted, 0, -32);
// Integrity check. If this fails, either the data is corrupted, or the password/salt was incorrect.
if (md5($decrypted) != $hash) return false;
// Yay!
return $decrypted;
}
?>
To Top