Wednesday 15 July 2015

php - Why Laravel4.2 Encryption Key less than Encryption Key character in CodeIgniter? -




I'm studying Laravel 4.2 and started comparing it with CodeIgniter. I found a problem with the encryption key: the key in the code below, which I used for testing, doesn't work in Laravel 4.2 because I got the message "mcrypt_encrypt(): size of key big algorithm".

But it works perfectly when I use the same encryption key in the latest version of CodeIgniter.

My question: how is Laravel 4.2 secure if it uses MCRYPT_RIJNDAEL_256 with the encryption key?

'key' => 'sdrlcczte2ujltzv5s3jzkn5bjvgqkrdsdrlcczte2ujltzv5s3jzkn5bjvgqkrdsdrlcczte2ujltzv5s3jzkn5bjvgqkrdsdrlcczte2ujltzv5s3jzkn5bjvgqkrdsdrlcczte2ujltzv5s3jzkn5bjvgqkrdsdrlcczte2ujltzv5s3jzkn5bjvgqkrdsdrlcczte2ujltzv5s3jzkn5bjvgqkrdsdrlcczte2ujltzv5s3jzkn5bjvgqkrdsdrlcczte2ujltzv5s3jzkn5bjvgqkrdsdrlcczte2ujltzv5s3jzkn5bjvgqkrdsdrlcczte2ujltzv5s3jzkn5bjvgqkrdsdrlcczte2ujltzv5s3jzkn5bjvgqkrdsdrlcczte2ujltzv5s3jzkn5bjvgqkrdsdrlcczte2ujltzv5s3jzkn5bjvgqkrdsdrlcczte2ujltzv5s3jzkn5bjvgqkrdsdrlcczte2ujltzv5s3jzkn5bjvgqkrdsdrlcczte2ujltzv5s3jzkn5bjvgqkrdsdrlcczte2ujltzv5s3jzkn5bjvgqkrdsdrlcczte2ujltzv5s3jzkn5bjvgqkrdsdrlcczte2ujltzv5s3jzkn5bjvgqkrdsdrlcczte2ujltzv5s3jzkn5bjvgqkrdsdrlcczte2ujltzv5s3jzkn5bjvgqkrdsdrlcczte2ujltzv5s3jzkn5bjvgqkrdsdrlcczte2ujltzv5s3jzkn5bjvgqkrdsdrlcczte2ujltzv5s3jzkn5bjvgqkrdsdrlcczte2ujltzv5s3jzkn5bjvgqkrdsdrlcczte2ujltzv5s3jzkn5bjvgqkrdsdrlcczte2ujltzv5s3jzkn5bjvgqkrdsdrlcczte2ujltzv5s3jzkn5bjvgqkrdsdrlcczte2ujltzv5s3jzkn5bjvgqkrdsdrlcczte2ujltzv5s3jzkn5bjvgqkrdsdrlcczte2ujltzv5s3jzkn5bjvgqkrdsdrlcczte2ujltzv5s3jzkn5bjvgqkrdsdrlcczte2ujltzv5s3jzkn5bjvgqkrdsdrlcczte2ujltzv5s3jzkn5bjvgqkrdsdrlcczte2ujltzv5s3jzkn5bjvgqkrdsdrlcczte2ujltzv5s3jzkn5bjvgqkrdsdrlcczte2ujltzv5s3jzkn5bjvgqkrdsdrlcczte2ujltzv5s3jzkn5bjvgqkrdsdrlcczte2ujltzv5s3jzkn5bjvgqkrdsdrlcczte2ujltzv5s3jzkn5bjvgqkrdsdrlcczte2ujltzv5s3jzkn5bjvgqkrdsdrlcczte2ujltzv5s3jzkn5bjvgqkrdsdrlcczte2ujltzv5s3jzkn5bjvgqkrdsdrlcczte2ujltzv5s3jzkn5bjvgqkrdsdrlcczte2ujltzv5s3jzkn5bjvgqkrdsdrlcczte2ujltzv5s3jzkn5bjvgqkrdsdrlcczte2ujltzv5s3jzkn5bjvgqkrdsdrlcczte2ujltzv5s3jzkn5bjvgqkrd', 'cipher' => mcrypt_rijndael_256,

AES keys need to be indistinguishable from random, and either 16, 24 or 32 bytes in length. It seems that Laravel adds an additional check that the AES key is a valid size.

Basically, PHP's mcrypt (not sure about the C code) extends the key information with 00-valued bytes if the key is smaller than 32 bytes, until it gets to the first legal AES key size. If the key is larger than 32 bytes, it cuts it to 32 bytes. This is absolutely against best practice with regard to handling keys.

So your AES key is interpreted as 'sdrlcczte2ujltzv5s3jzkn5bjvgqkrd', encoded as ASCII. This kind of key does not provide the total security of an AES-256 key, as it reduces the key space (by more than 8 bytes if a 62-character alphabet is used, assuming each value within the alphabet is as likely).

And note that MCRYPT_RIJNDAEL_256 is not AES; you will only be able to decrypt with libraries that support a Rijndael block size of 256.
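
Added example, not part of the original answer and not code from Laravel, CodeIgniter or mcrypt: a plain-PHP model of the lenient key handling the answer describes, next to a strict length check and the key-space arithmetic. The function names and the sample keys other than the 32-character prefix quoted in the answer are constructed for illustration; `random_bytes()` assumes PHP 7 or later.

```php
<?php
const LEGAL_KEY_SIZES = [16, 24, 32];

// Lenient handling as the answer describes it (hypothetical model): zero-pad
// a short key up to the next legal size, silently cut a long key to 32 bytes.
function lenientEffectiveKey(string $key): string
{
    $size = 32;
    foreach (LEGAL_KEY_SIZES as $candidate) {
        if (strlen($key) <= $candidate) {
            $size = $candidate;
            break;
        }
    }
    return str_pad(substr($key, 0, $size), $size, "\0");
}

// Strict handling: refuse anything that is not exactly a legal key size.
function assertValidKey(string $key): void
{
    if (!in_array(strlen($key), LEGAL_KEY_SIZES, true)) {
        throw new InvalidArgumentException(
            'key must be 16, 24 or 32 bytes, got ' . strlen($key)
        );
    }
}

// Upper bound on key entropy when every byte is drawn uniformly from an
// alphabet of $alphabetSize printable characters.
function keyEntropyBits(int $length, int $alphabetSize): float
{
    return $length * log($alphabetSize, 2);
}

$prefix = 'sdrlcczte2ujltzv5s3jzkn5bjvgqkrd';   // 32 characters quoted in the answer
$longA  = str_repeat($prefix, 4);               // constructed long key
$longB  = $prefix . 'completely-different';     // constructed, same first 32 bytes

// Both long keys collapse to the same effective key under lenient handling.
var_dump(lenientEffectiveKey($longA) === lenientEffectiveKey($longB));
// A short passphrase is mostly 00 bytes once padded.
echo bin2hex(lenientEffectiveKey('secret')), "\n";
// 32 characters from a 62-symbol alphabet versus a full 256-bit key.
printf("%.1f bits of 256\n", keyEntropyBits(32, 62));

try {
    assertValidKey($longA);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
assertValidKey(random_bytes(32));               // a key from the CSPRNG passes
```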

php codeigniter security encryption laravel-4
