douwen7905 2018-04-01 20:54

openssl_encrypt(... string $method ...) syntax

I couldn't find this information anywhere on here or on Google, so quick question: When using openssl_encrypt should I be using the actual cipher names (i.e. "bf-cbc") or can I use the aliases (i.e. "blowfish")?

FWIW, I'm using PHP 5.6.34.

Bonus question: According to the PHP documentation, some of the methods have been proven to be weak, so which one is the strongest or which are the strongest amongst the methods that remain?


1 answer

  • douyinliu8813 2018-04-01 21:39

    Don't use the aliases, be as specific as you can with the cipher you intend to use.

    AES is probably the most appropriate algorithm to use here. The mode you use is important as well. With this in mind, I would prioritize the following, in order:

    • aes-*-gcm
    • aes-*-ctr
    • aes-*-cbc

    Where * is obviously one of 256/192/128. Remember that each of the above modes has different requirements for it to be secure. GCM needs a 96-bit nonce, and no additional authentication. CTR usually uses a 128-bit nonce and needs a MAC to be secure. Using the same nonce and key for two different messages in GCM or CTR mode will expose the plaintext, so don't ever do that. CBC needs a 128-bit IV and a MAC to be secure.

    I suggest you view the code in this repository for an example of secure encryption in PHP.

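The answer's first choice, aes-256-gcm with a fresh 96-bit nonce per message, as an added example that is not part of the original answer or of the repository it mentions. It assumes PHP 7.1 or later, where openssl_encrypt() accepts the tag argument (the PHP 5.6 in the question does not); the names gcm_encrypt/gcm_decrypt and the nonce, tag, ciphertext layout are choices made for this example.

```php
<?php
// Added example (not from the original answer). Requires PHP >= 7.1.
const METHOD = 'aes-256-gcm';  // exact cipher name, not an alias
const TAG_LEN = 16;            // full 128-bit GCM tag

function gcm_encrypt(string $plaintext, string $key, string $aad = ''): string
{
    $known = array_map('strtolower', openssl_get_cipher_methods());
    if (strlen($key) !== 32 || !in_array(METHOD, $known, true)) {
        throw new InvalidArgumentException('need a 32-byte key and ' . METHOD);
    }
    // Fresh random 96-bit nonce per message; never reuse one under the same key.
    $nonce = random_bytes(openssl_cipher_iv_length(METHOD)); // 12 bytes for GCM
    $tag = '';
    $ct = openssl_encrypt($plaintext, METHOD, $key, OPENSSL_RAW_DATA, $nonce, $tag, $aad, TAG_LEN);
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    return base64_encode($nonce . $tag . $ct); // layout chosen for this example
}

function gcm_decrypt(string $message, string $key, string $aad = ''): string
{
    $raw = base64_decode($message, true);
    $nlen = openssl_cipher_iv_length(METHOD);
    if ($raw === false || strlen($raw) < $nlen + TAG_LEN) {
        throw new RuntimeException('malformed message');
    }
    $nonce = substr($raw, 0, $nlen);
    $tag = substr($raw, $nlen, TAG_LEN);
    $ct = (string) substr($raw, $nlen + TAG_LEN);
    // openssl_decrypt() returns false when the tag does not verify.
    $pt = openssl_decrypt($ct, METHOD, $key, OPENSSL_RAW_DATA, $nonce, $tag, $aad);
    if ($pt === false) {
        throw new RuntimeException('authentication failed');
    }
    return $pt;
}

// Constructed sample data: round trip, then a tampered copy that must be rejected.
$key = random_bytes(32);
$msg = gcm_encrypt('constructed sample plaintext', $key, 'record-42');
var_dump(gcm_decrypt($msg, $key, 'record-42'));
$raw = base64_decode($msg);
$raw[12] = chr(ord($raw[12]) ^ 1); // flip one bit of the tag
try {
    gcm_decrypt(base64_encode($raw), $key, 'record-42');
} catch (RuntimeException $e) {
    echo $e->getMessage(), "\n";
}
```

The third argument is associated data that is authenticated but not encrypted; decryption fails if it differs from what was supplied at encryption time.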
