Is the following encryption method secure?

Asked May 13 '15 at 06:37

Active May 13 '15 at 06:37

Viewed 30 times

A friend sent the following 1-line encryption method to me

Is this method secure? (i don't mean secure against NSA of course, but secure?)

$string = "Some text to be encrypted";
$secret_key = "dyAt7VVyFAUc1OEVl9XDF1hoLEpzPD01";

// Initialization vector
$iv = mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_CBC), MCRYPT_RAND);

// Encrypt
$encrypted_string = mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $secret_key, $string, MCRYPT_MODE_CBC, $iv);

IV is stored next to the encrypted string in database, but the key is stored separately.

asked May 13 '15 at 06:37

Vladimir

1,602
2
18
40

1

Seems legit! Check out http://stackoverflow.com/questions/11051845/php-mcrypt-how-secure-is-it-really . – Luke May 13 '15 at 06:50
1

May be vulnerable to padding oracle attack depending on your system architecture. – Artjom B. May 13 '15 at 06:53

Is the following encryption method secure?

0 Answers0