|Subject:||MCRYPT_RAND is not cryptographically...|
|Summary:||Package rating comment|
Scott Arciszewski rated this package as follows:
|Consistency: ||Not sure|
|Documentation: ||Not sure|
|Examples: ||Not sure|
Scott Arciszewski - 2015-12-12 06:30:58
MCRYPT_RAND is not cryptographically secure; MCRYPT_DEV_URANDOM should be used for creating IVs.
Using substr() and strlen() on strings will fall apart if someone sets mbstring.func_overload to 2, 3, or 7. Use mb_substr($str, $start, $length, '8bit') and mb_strlen($str, '8bit') to always operate on binary strings.
$decryptkey = bin2hex(md5(uniqid(rand(),1)));
This is NOT a cryptographically secure way to generate an encryption key.
set_key() forces a hexadecimal-encoded key, which greatly reduces the potential security of this library by cutting your keyspace in half.
And it's also vulnerable to chosen-ciphertext attacks.
Conclusion: This is not secure.
Please nobody use this library as is.