Deprecation of mcrypt

Forum Moderators: coopster

Message Too Old, No Replies

Deprecation of mcrypt

topr8

12:45 pm on Jan 30, 2015 (gmt 0)

i'm about to upgrade to php 5.6 from 5.2.xx

and i'm a little concerned about mcrypt, as the documentation seems to be confusing.

i can see that mcrypt_ecb is deprecated... which is fine as we use mcrypt_encrypt (and mcrypt_decrypt)

the php documentation from php.net is

string mcrypt_encrypt ( string $cipher , string $key , string $data , string $mode [, string $iv ] )

the cipher we are using is: MCRYPT_MODE_ECB

which works on our test server, but i'm worried that it might be deprecated or will be in future - but i can't find any documentation about it.

i'd rather not have to change things in the future again if i can avoid it, but also i'd rather keep using MCRYPT_MODE_ECB if possible.

any thoughts?

coopster

8:32 pm on Feb 13, 2015 (gmt 0)

True, the function itself is DEPRECATED but the CONSTANT is not:

[php.net...]

... or as you said, not yet anyway. You could either go full native with PHP using the built in password hash mentioned on this FAQ:

[php.net...]

or roll your own using something like hash() to determine which algos are available on your system and pick a good one for implementation. Here is the manual page listing all your Cryptography Extensions:

[php.net...]

topr8

10:30 am on Feb 15, 2015 (gmt 0)

thanks for clarifying coopster

and for the password hash faq. ... it was a useful read.