diff options
author | Nikita Popov <nikic@php.net> | 2014-03-01 23:51:03 +0100 |
---|---|---|
committer | Nikita Popov <nikic@php.net> | 2014-03-05 15:32:32 +0100 |
commit | a861a3a93d89a50ce58e1ab1abef1eb501f97483 (patch) | |
tree | 88f2cff036668095d35e3491281406874a1c0fc8 /ext/mcrypt/tests/mcrypt_cfb.phpt | |
parent | 25d801f97ec3f4bcac8977efd50f843eba9b19e1 (diff) | |
download | php-git-a861a3a93d89a50ce58e1ab1abef1eb501f97483.tar.gz |
Abort on invalid key size
Previously an incorrectly sized key was either silently padded
with NUL bytes or truncated. Especially the silent nature of this
behavior makes it extremely easy to use weak encryption. A common
mistake - which has also been extensively made in our tests - is
to use a password instead of a key.
Incorrectly sized keys will now be rejected.
Diffstat (limited to 'ext/mcrypt/tests/mcrypt_cfb.phpt')
-rw-r--r-- | ext/mcrypt/tests/mcrypt_cfb.phpt | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/ext/mcrypt/tests/mcrypt_cfb.phpt b/ext/mcrypt/tests/mcrypt_cfb.phpt index 1c7b9c12ff..a82ea46d11 100644 --- a/ext/mcrypt/tests/mcrypt_cfb.phpt +++ b/ext/mcrypt/tests/mcrypt_cfb.phpt @@ -4,7 +4,7 @@ mcrypt_cfb <?php if (!extension_loaded("mcrypt")) print "skip"; ?> --FILE-- <?php -$key = "FooBar"; +$key = "0123456789012345"; $secret = "PHP Testfest 2008"; $cipher = MCRYPT_RIJNDAEL_128; |