I encrypted a text using a key and would like to understand whether this method is vulnerable or not.

Could you tell me if it's easy to decrypt, what methods exist, and whether I should change the encryption method?

$text = "Hello this is my word";
$method = "aes-256-ecb";
$ivlen = openssl_cipher_iv_length($method);
$iv = openssl_random_pseudo_bytes($ivlen);
$secretKey= "abcdefghilmnop10032001";

$encrypted = openssl_encrypt($text, $method, $secretKey, $options=0, $iv);
$decrypted = openssl_decrypt($encrypted, $method, $secretKey, $options=0, $iv);

print_r($encrypted);
print_r('<br>');    
print_r($decrypted);

The encrypted text is:

Ad4jgTNQlNiSBXGidMoAPZeJkUAxQrYPYKHwc9/80Z0=

Besides, with openssl_encrypt is it possible to have a salt and so always get a different encrypted text (even if the text doesn't change)?

  • I'm assuming the question is specifically whether aes-256-ecb is considered secure and not a general "is encryption secure" kind of question. I would say this question is probably better suited for Information Security; however, I am willing to bet it's probably already been answered there. Commented Aug 12, 2019 at 14:29
  • @apokryfos So far I have never written there. Anyway, are you able to tell me if it is at least possible to have a salt with openssl_encrypt? Commented Aug 12, 2019 at 15:10
  • Salt doesn't make decryption any harder, since you have to store the salt with the encrypted data. The purpose of salt is to make it hard to create a rainbow table. Commented Aug 12, 2019 at 15:10
  • Of course you can have a salt. Just use openssl_encrypt($salt . $text, ...). Commented Aug 12, 2019 at 15:11
  • I thought it made decryption harder... so is aes-256-ecb safe in your opinion? Commented Aug 12, 2019 at 15:13

1 Answer

You can add salt to the key.

$text = "Hello this is my word";
$method = "aes-256-ecb";
$ivlen = openssl_cipher_iv_length($method);
$iv = openssl_random_pseudo_bytes($ivlen);
$secretKey= "abcdefghilmnop10032001";
$salt_length = 10;
$salt = make_salt($salt_length); // You need to define this function

$encrypted = $salt . openssl_encrypt($text, $method, $salt . $secretKey, $options=0, $iv);
$salt = substr($encrypted, 0, $salt_length);
$decrypted = openssl_decrypt(substr($encrypted, $salt_length), $method, $salt . $secretKey, $options=0, $iv);

print_r($encrypted);
print_r('<br>');    
print_r($decrypted);

Notice that you have to save the salt along with the encrypted string, so that you can get it back for decrypting.

3 Comments

And what do you think about "aes-256-ecb"? Is it safe?
So it is safe, and this safety depends on the key's length. But what difference is there between aes-256-ecb and aes-256-cbc? And in this case, is a salt necessary?
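
Added example (not code from the question, the answer or the comments): it shows that aes-256-ecb has no IV and encrypts equal input to equal output, and contrasts it with AES-256-GCM using a fresh random nonce per message, which is what makes the ciphertext differ each time. GCM is used here as the randomized alternative; the key, the message and the helper names gcm_seal / gcm_open are constructed for the illustration.

```php
<?php
// Added example: constructed key and message, hypothetical helper names.
// A real AES-256 key is 32 random bytes; a shorter typed string, like the
// 22-character one on this page, is silently zero-padded by openssl_encrypt.
$key  = random_bytes(32);
$text = str_repeat('Hello this is my', 2);  // two identical 16-byte blocks

// ECB has no IV (length 0), so any $iv passed to it has no effect.
$ecb1 = openssl_encrypt($text, 'aes-256-ecb', $key, OPENSSL_RAW_DATA);
$ecb2 = openssl_encrypt($text, 'aes-256-ecb', $key, OPENSSL_RAW_DATA);
printf("ECB iv length: %d\n", openssl_cipher_iv_length('aes-256-ecb'));
printf("ECB same text -> same ciphertext: %s\n", var_export($ecb1 === $ecb2, true));
printf("ECB equal plaintext blocks -> equal ciphertext blocks: %s\n",
    var_export(substr($ecb1, 0, 16) === substr($ecb1, 16, 16), true));

// AES-256-GCM with a fresh random nonce per message. Nonce and tag are not
// secret and are stored with the ciphertext, like the salt in the answer.
function gcm_seal(string $plaintext, string $key): string
{
    $nonce = random_bytes(12);   // openssl_cipher_iv_length('aes-256-gcm')
    $tag = '';                   // filled in by openssl_encrypt (16 bytes)
    $ct = openssl_encrypt($plaintext, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $nonce, $tag);
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    return base64_encode($nonce . $tag . $ct);
}

function gcm_open(string $blob, string $key): string
{
    $raw = base64_decode($blob, true);
    if ($raw === false || strlen($raw) < 28) {   // 12-byte nonce + 16-byte tag
        throw new RuntimeException('malformed message');
    }
    $pt = openssl_decrypt(substr($raw, 28), 'aes-256-gcm', $key, OPENSSL_RAW_DATA,
        substr($raw, 0, 12), substr($raw, 12, 16));
    if ($pt === false) {         // wrong key or modified nonce/tag/ciphertext
        throw new RuntimeException('authentication failed');
    }
    return $pt;
}

$a = gcm_seal($text, $key);
$b = gcm_seal($text, $key);
printf("GCM same text -> different ciphertext: %s\n", var_export($a !== $b, true));
printf("GCM round trip ok: %s\n", var_export(gcm_open($a, $key) === $text, true));
```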
