php - mcrypt_create_iv returns undefined variable

Question

My encryption/iv code doesn't work. Whenever I test the login I get this error

Warning: openssl_encrypt(): Using an empty Initialization Vector (iv) is potentially insecure and not recommended in /Users/luke/Sites/user.php on line 174

I have tracked it down to this line

$size = mcrypt_get_iv_size(MCRYPT_CAST_256, MCRYPT_MODE_CFB);
$iv = mcrypt_create_iv($size, MCRYPT_DEV_URANDOM);
$method = "aes-128-cbc";
$passWord = mcrypt_create_iv($size, MCRYPT_DEV_URANDOM);
$verificationNumber = openssl_encrypt($passWord, $method, $iv);

Mcrypt is installed fine as shown by this. Can you help or do i possibly need to provide more code?

Answer 1

您正在获得“CAST”的 iv 大小：MCRYPT_CAST_256但您正在使用“aes-128-cbc”进行加密。那是算法不匹配。

CAST 块大小为 64 位，AES 块大小为 128 位。取而代之MCRYPT_RIJNDAEL_128的是，AES 是 Rijndael 的子集，具有 128 位块。