mcrypt is deprecated what is the alternative

Question

The mcrypt-extension is deprecated will be removed in PHP 7 2 according to the comment posted here  So I am looking for an alternative way to encrypt passwords   Right now I am using something like  mcrypt encrypt MCRYPT RIJNDAEL 128  md5  key  true    string  MCRYPT MODE CBC   iv    I need your opinion for the best strongest way to encrypt passwords  the encrypted password should of course supported by PHP 7 xx and should also be decryptable because my customers do want to have an option to  recover  their passwords without generating a new one

User · Answer

I am using this on PHP 7 2 x  it s working fine for me  public function make hash  userStr           try                                  Used and tested on PHP 7 2x  Salt has been removed manually  it is now added by PHP                               return password hash  userStr  PASSWORD BCRYPT                catch Exception  exc                    this- gt tempVar    exc- gt getMessage                    return false                           and then authenticate the hash with the following function  public function varify user  userStr  hash           try              if  password verify  userStr   hash                      return true                                else                   return false                                 catch Exception  exc                    this- gt tempVar    exc- gt getMessage                    return false                           Example      create hash from user string    user password    obj- gt make hash2  user key    and to authenticate this hash use the following code  if  obj- gt varify user  key   user key            this is correct  you can proceed with          That s all

User · Answer

I was able to translate my Crypto object   Get a copy of php with mcrypt to decrypt the old data   I went to http   php net get php-7 1 12 tar gz from a mirror  compiled it  then added the ext mcrypt extension  configure make make install   I think I had to add the extenstion mcrypt so line to the php ini as well   A series of scripts to build intermediate versions of the data with all data unencrypted  Build a public and private key for openssl  openssl genrsa -des3 -out pkey pem 2048  set a password  openssl rsa -in pkey pem -out pkey-pub pem -outform PEM -pubout  To Encrypt  using public key  use openssl seal  From what I ve read  openssl encrypt using an RSA key is limited to 11 bytes less than the key length  See http   php net manual en function openssl-public-encrypt php comment by Thomas Horsten     pubKey   openssl get publickey file get contents    pkey-pub pem     openssl seal  pwd   sealed   ekeys     pubKey      encryptedPassword   base64 encode  sealed    key   base64 encode  ekeys 0       You could probably store the raw binary    To Decrypt  using private key    passphrase  passphrase here    privKey   openssl get privatekey file get contents    pkey pem     passphrase      I base64 decode   from my db columns openssl open  encryptedPassword   plain   key   privKey   echo   lt h3 gt Password  plain lt  h3 gt       P S  You can t encrypt the empty string       P P S  This is for a password database not for user validation

User · Answer

As suggested by  rqLizard  you can use openssl encrypt openssl decrypt PHP functions instead which provides a much   better alternative to implement AES  The Advanced Encryption Standard  also known as Rijndael encryption   As per the following Scott s comment at php net      If you re writing code to encrypt encrypt data in 2015  you should use openssl encrypt   and openssl decrypt    The underlying library  libmcrypt  has been abandoned since 2007  and performs far worse than OpenSSL  which leverages AES-NI on modern processors and is cache-timing safe        Also  MCRYPT RIJNDAEL 256 is not AES-256  it s a different variant of the Rijndael block cipher  If you want AES-256 in mcrypt  you have to use MCRYPT RIJNDAEL 128 with a 32-byte key  OpenSSL makes it more obvious which mode you are using  i e  aes-128-cbc vs aes-256-ctr        OpenSSL also uses PKCS7 padding with CBC mode rather than mcrypt s NULL byte padding  Thus  mcrypt is more likely to make your code vulnerable to padding oracle attacks than OpenSSL       Finally  if you are not authenticating your ciphertexts  Encrypt Then MAC   you re doing it wrong    Further reading    Using Encryption and Authentication Correctly  for PHP developers   If You re Typing the Word MCRYPT Into Your PHP Code  You re Doing It Wrong    Code examples  Example  1     AES Authenticated Encryption in GCM mode example for PHP 7 1     lt  php    key should have been previously generated in a cryptographically safe way  like openssl random pseudo bytes  plaintext    message to be encrypted    cipher    aes-128-gcm   if  in array  cipher  openssl get cipher methods            ivlen   openssl cipher iv length  cipher        iv   openssl random pseudo bytes  ivlen        ciphertext   openssl encrypt  plaintext   cipher   key   options 0   iv   tag         store  cipher   iv  and  tag for decryption later      original plaintext   openssl decrypt  ciphertext   cipher   key   options 0   iv   tag       echo  original plaintext   n       gt    Example  2     AES Authenticated Encryption example for PHP 5 6     lt  php    key previously generated safely  ie  openssl random pseudo bytes  plaintext    message to be encrypted    ivlen   openssl cipher iv length  cipher  AES-128-CBC     iv   openssl random pseudo bytes  ivlen    ciphertext raw   openssl encrypt  plaintext   cipher   key   options OPENSSL RAW DATA   iv    hmac   hash hmac  sha256    ciphertext raw   key   as binary true    ciphertext   base64 encode   iv  hmac  ciphertext raw       decrypt later      c   base64 decode  ciphertext    ivlen   openssl cipher iv length  cipher  AES-128-CBC     iv   substr  c  0   ivlen    hmac   substr  c   ivlen   sha2len 32    ciphertext raw   substr  c   ivlen  sha2len    original plaintext   openssl decrypt  ciphertext raw   cipher   key   options OPENSSL RAW DATA   iv    calcmac   hash hmac  sha256    ciphertext raw   key   as binary true   if  hash equals  hmac   calcmac    PHP 5 6  timing attack safe comparison       echo  original plaintext   n       gt    Example  3  Based on above examples  I ve changed the following code which aims at encrypting user s session id   class Session               Encrypts the session ID and returns it as a base 64 encoded string             param  session id       return string         public function encrypt  session id           Get the MD5 hash salt as a key       key    this- gt  getSalt           For an easy iv  MD5 the salt again       iv    this- gt  getIv           Encrypt the session ID       encrypt   mcrypt encrypt MCRYPT RIJNDAEL 128   key   session id  MCRYPT MODE CBC   iv          Base 64 encode the encrypted session ID       encryptedSessionId   base64 encode  encrypt          Return it      return  encryptedSessionId                  Decrypts a base 64 encoded encrypted session ID back to its original form             param  encryptedSessionId       return string         public function decrypt  encryptedSessionId           Get the MD5 hash salt as a key       key    this- gt  getSalt           For an easy iv  MD5 the salt again       iv    this- gt  getIv           Decode the encrypted session ID from base 64       decoded   base64 decode  encryptedSessionId          Decrypt the string       decryptedSessionId   mcrypt decrypt MCRYPT RIJNDAEL 128   key   decoded  MCRYPT MODE CBC   iv          Trim the whitespace from the end       session id   rtrim  decryptedSessionId    0           Return it      return  session id         public function  getIv         return md5  this- gt  getSalt            public function  getSalt         return md5  this- gt drupal- gt drupalGetHashSalt              into   class Session      const SESS CIPHER    aes-128-cbc               Encrypts the session ID and returns it as a base 64 encoded string             param  session id       return string         public function encrypt  session id           Get the MD5 hash salt as a key       key    this- gt  getSalt           For an easy iv  MD5 the salt again       iv    this- gt  getIv           Encrypt the session ID       ciphertext   openssl encrypt  session id  self  SESS CIPHER   key   options OPENSSL RAW DATA   iv          Base 64 encode the encrypted session ID       encryptedSessionId   base64 encode  ciphertext          Return it      return  encryptedSessionId                  Decrypts a base 64 encoded encrypted session ID back to its original form             param  encryptedSessionId       return string         public function decrypt  encryptedSessionId           Get the Drupal hash salt as a key       key    this- gt  getSalt           Get the iv       iv    this- gt  getIv           Decode the encrypted session ID from base 64       decoded   base64 decode  encryptedSessionId  TRUE          Decrypt the string       decryptedSessionId   openssl decrypt  decoded  self  SESS CIPHER   key   options OPENSSL RAW DATA   iv          Trim the whitespace from the end       session id   rtrim  decryptedSessionId    0           Return it      return  session id         public function  getIv          ivlen   openssl cipher iv length self  SESS CIPHER       return substr md5  this- gt  getSalt     0   ivlen          public function  getSalt         return  this- gt drupal- gt drupalGetHashSalt             To clarify  above change is not a true conversion since the two encryption uses a different block size and a different encrypted data  Additionally  the default padding is different  MCRYPT RIJNDAEL only supports non-standard null padding   zaph    Additional notes  from the  zaph s comments     Rijndael 128  MCRYPT RIJNDAEL 128  is equivalent to AES  however Rijndael 256  MCRYPT RIJNDAEL 256  is not AES-256 as the 256 specifies a block size of 256-bits  whereas AES has only one block size  128-bits  So basically Rijndael with a block size of 256-bits  MCRYPT RIJNDAEL 256  has been mistakenly named due to the choices by the mcrypt developers   zaph Rijndael with a block size of 256 may be less secure than with a block size of 128-bits because the latter has had much more reviews and uses  Secondly  interoperability is hindered in that while AES is generally available  where Rijndael with a block size of 256-bits is not  Encryption with different block sizes for Rijndael produces different encrypted data   For example  MCRYPT RIJNDAEL 256  not equivalent to AES-256  defines a different variant of the Rijndael block cipher with size of 256-bits and a key size based on the passed in key  where aes-256-cbc is Rijndael with a block size of 128-bits with a key size of 256-bits  Therefore they re using different block sizes which produces entirely different encrypted data as mcrypt uses the number to specify the block size  where OpenSSL used the number to specify the key size  AES only has one block size of 128-bits   So basically AES is Rijndael with a block size of 128-bits and key sizes of 128  192 and 256 bits  Therefore it s better to use AES  which is called Rijndael 128 in OpenSSL

User · Answer

As detailed by other answers here  the best solution I found is using OpenSSL  It is built into PHP and you don t need any external library  Here are simple examples   To encrypt   function encrypt  key   payload       iv   openssl random pseudo bytes openssl cipher iv length  aes-256-cbc        encrypted   openssl encrypt  payload   aes-256-cbc    key  0   iv     return base64 encode  encrypted           iv       To decrypt   function decrypt  key   garble        list  encrypted data   iv    explode       base64 decode  garble   2       return openssl decrypt  encrypted data   aes-256-cbc    key  0   iv       Reference link  https   www shift8web ca 2017 04 how-to-encrypt-and-execute-your-php-code-with-mcrypt

User · Answer

You can use phpseclib pollyfill package  You can not use open ssl or libsodium for encrypt decrypt with rijndael 256  Another issue  you don t need replacement any code

User · Answer

You should use OpenSSL over mcrypt as it s actively developed and maintained  It provides better security  maintainability and portability  Secondly it performs AES encryption decryption much faster  It uses PKCS7 padding by default  but you can specify OPENSSL ZERO PADDING if you need it  To use with a 32-byte binary key  you can specify aes-256-cbc which is much obvious than MCRYPT RIJNDAEL 128   Here is the code example using Mcrypt      Unauthenticated AES-256-CBC encryption library written in Mcrypt with PKCS7 padding           This library is unsafe because it does not MAC after encrypting     class UnsafeMcryptAES       const CIPHER   MCRYPT RIJNDAEL 128       public static function encrypt  message   key                if  mb strlen  key   8bit       32                throw new Exception  Needs a 256-bit key                        ivsize   mcrypt get iv size self  CIPHER            iv   mcrypt create iv  ivsize  MCRYPT DEV URANDOM               Add PKCS7 Padding          block   mcrypt get block size self  CIPHER            pad    block -  mb strlen  message   8bit      block   8bit             message    str repeat chr  pad    pad             ciphertext   mcrypt encrypt              MCRYPT RIJNDAEL 128               key               message              MCRYPT MODE CBC               iv                     return  iv    ciphertext             public static function decrypt  message   key                if  mb strlen  key   8bit       32                throw new Exception  Needs a 256-bit key                        ivsize   mcrypt get iv size self  CIPHER            iv   mb substr  message  0   ivsize   8bit             ciphertext   mb substr  message   ivsize  null   8bit              plaintext   mcrypt decrypt              MCRYPT RIJNDAEL 128               key               ciphertext              MCRYPT MODE CBC               iv                      len   mb strlen  plaintext   8bit             pad   ord  plaintext  len - 1            if   pad  lt   0     pad  gt   block                   Padding error              return false                    return mb substr  plaintext  0   len -  pad   8bit              And here is the version written using OpenSSL          This library is unsafe because it does not MAC after encrypting     class UnsafeOpensslAES       const METHOD    aes-256-cbc        public static function encrypt  message   key                if  mb strlen  key   8bit       32                throw new Exception  Needs a 256-bit key                        ivsize   openssl cipher iv length self  METHOD            iv   openssl random pseudo bytes  ivsize             ciphertext   openssl encrypt               message              self  METHOD               key              OPENSSL RAW DATA               iv                     return  iv    ciphertext             public static function decrypt  message   key                if  mb strlen  key   8bit       32                throw new Exception  Needs a 256-bit key                        ivsize   openssl cipher iv length self  METHOD            iv   mb substr  message  0   ivsize   8bit             ciphertext   mb substr  message   ivsize  null   8bit             return openssl decrypt               ciphertext              self  METHOD               key              OPENSSL RAW DATA               iv                      Source  If You re Typing the Word MCRYPT Into Your PHP Code  You re Doing It Wrong

User · Answer

As pointed out  you should not be storing your users  passwords in a format that is decryptable   Reversable encryption provides an easy route for hackers to find out your users  passwords  which extends to putting your users  accounts at other sites at risk should they use the same password there   PHP provides a pair of powerful functions for random-salted  one-way hash encryption  mdash  password hash   and password verify     Because the hash is automatically random-salted  there is no way for hackers to utilize precompiled tables of password hashes to reverse-engineer the password   Set the PASSWORD DEFAULT option and future versions of PHP will automatically use stronger algorithms to generate password hashes without you having to update your code

User · Answer

Pure-PHP implementation of Rijndael exists with phpseclib available as composer package and works on PHP 7 3  tested by me    There s a page on the phpseclib docs  which generates sample code after you input the basic variables  cipher  mode  key size  bit size   It outputs the following for Rijndael  ECB  256  256   a code with mycrypt   decoded   mcrypt decrypt MCRYPT RIJNDAEL 256  ENCRYPT KEY   term  MCRYPT MODE ECB     works like this with the library   rijndael   new  phpseclib Crypt Rijndael  phpseclib Crypt Rijndael  MODE ECB    rijndael- gt setKey ENCRYPT KEY    rijndael- gt setKeyLength 256    rijndael- gt disablePadding     rijndael- gt setBlockLength 256     decoded    rijndael- gt decrypt  term        term was base64 decoded

User · Answer

It s best practice to hash passwords so they are not decryptable  This makes things slightly more difficult for attackers that may have gained access to your database or files   If you must encrypt your data and have it decryptable  a guide to secure encryption decryption is available at https   paragonie com white-paper 2015-secure-php-data-encryption  To summarize that link    Use Libsodium - A PHP extension If you can t use Libsodium  use defuse php-encryption - Straight PHP code If you can t use Libsodium or defuse php-encryption  use OpenSSL - A lot of servers will already have this installed  If not  it can be compiled with --with-openssl  DIR

User · Answer

You should use openssl encrypt   function

[php] mcrypt is deprecated, what is the alternative?

Examples related to php

Examples related to encryption

Examples related to passwords

Examples related to php-7

Examples related to mcrypt