mcrypt_enc_get_key_size
(PHP 4 >= 4.0.2, PHP 5)
mcrypt_enc_get_key_size — Returns the maximum supported keysize of the opened mode
Description
int mcrypt_enc_get_key_size
( resource
$td
)Gets the maximum supported key size of the algorithm in bytes.
Parameters
-
td
-
The encryption descriptor.
Return Values
Returns the maximum supported key size of the algorithm in bytes.
- PHP Руководство
- Функции по категориям
- Индекс функций
- Справочник функций
- Криптографические расширения
- Mcrypt
- mcrypt_cbc
- mcrypt_cfb
- mcrypt_create_iv
- mcrypt_decrypt
- mcrypt_ecb
- mcrypt_enc_get_algorithms_name
- mcrypt_enc_get_block_size
- mcrypt_enc_get_iv_size
- mcrypt_enc_get_key_size
- mcrypt_enc_get_modes_name
- mcrypt_enc_get_supported_key_sizes
- mcrypt_enc_is_block_algorithm_mode
- mcrypt_enc_is_block_algorithm
- mcrypt_enc_is_block_mode
- mcrypt_enc_self_test
- mcrypt_encrypt
- mcrypt_generic_deinit
- mcrypt_generic_end
- mcrypt_generic_init
- mcrypt_generic
- mcrypt_get_block_size
- mcrypt_get_cipher_name
- mcrypt_get_iv_size
- mcrypt_get_key_size
- mcrypt_list_algorithms
- mcrypt_list_modes
- mcrypt_module_close
- mcrypt_module_get_algo_block_size
- mcrypt_module_get_algo_key_size
- mcrypt_module_get_supported_key_sizes
- mcrypt_module_is_block_algorithm_mode
- mcrypt_module_is_block_algorithm
- mcrypt_module_is_block_mode
- mcrypt_module_open
- mcrypt_module_self_test
- mcrypt_ofb
- mdecrypt_generic
Коментарии
The key size returned by this function is for keys consisting of 8-bit characters. For example, 256-bit algorithms require 32-character keys.
However, if you are using alphanumeric keys [A-Za-z0-9] beware that strength is reduced, because you are only using a set of 64 characters, which could be represented in 6 bits. You get: 6 x 32 = 192-bit encryption.
Avoid using string representations hashes - md5() or sha1() - because hex encoding uses a set of only 16 characters [0-9a-f], which is equivalent to 4 bits, and thus halve the strength of your encryption: 4 x 32 = 128-bit.
A 64 character hex representation of an SHA-256 hash will not improve matters, because only the first 32 characters can be used. You need an 8-bit representation of SHA-256, or of two MD5s, to get full 256-bit strength.
The problem is somewhat reduced in OFB, CFB or CBC mode by the use of IVs, but only if you do not package your IV with the encrypted data.