0

I am confused about the difference of AES-128 and AES-512 using php's mcrypt. The difference is just the length of the key (32 and 64 characters) or the difference is the used algo such as MCRYPT_RIJNDAEL_128? If the difference is the latter, how should be the algo for AES-512?

user4271704
    There is no such thing as AES-512. – svrnm Nov 19 '15 at 12:24
  • Thanks, so key length has nothing to do with AES-x? and AES-128 just means this algo MCRYPT_RIJNDAEL_128? – user4271704 Nov 19 '15 at 12:30
  • 1
    @user4271704 The key length x has everything to do with AES-x, and every AES-yyy is defined as `MCRYPT_RIJNDAEL_128`. `MCRYPT_RIJNDAEL_192` and `MCRYPT_RIJNDAEL_256` have nothing to do with AES anymore. – Artjom B. Nov 19 '15 at 12:32
  • @svrnm So for AES-256 should I use a 32-characters key? and AES-256 is more secure than the two other? – user4271704 Nov 19 '15 at 12:33
  • Look here: https://secure.php.net/manual/de/function.mcrypt-encrypt.php#117667 – svrnm Nov 19 '15 at 12:35
  • @svrnm so I have only two options: AES-128 and AES-192, the latter is more secure and I should use a 24-character as key to use it with php's mcrypt and that would be fine to encrypt CC numbers? – user4271704 Nov 19 '15 at 12:37
  • 2
    @svrnm Not true, AES-256 *is* supported by mcrypt. You just need to provide a 32 byte key. – Artjom B. Nov 19 '15 at 12:37
  • @ArtjomB. - true, i updated my comment and gave an answer – svrnm Nov 19 '15 at 12:39
  • @svrnm so for CC number encryption better to go with a 32 bytes key as AES-256 and this is more secure than AES-128 and AES-192? And more than AES-256 doesn't exist with php's mcrypt? right with this all I said here? – user4271704 Nov 19 '15 at 12:43
  • 1
    @user4271704 Yes, that's true, but keep in mind that you should use a key that actually has much entropy. If you use some password, then it would be much easier to brute-force than an entirely random key. – Artjom B. Nov 19 '15 at 12:46
  • @svrnm for openssl_encrypt which method is the best for CC encryption? cbc? as 'aes-128-cbc' with a 32-bytes key? – user4271704 Nov 19 '15 at 12:54
  • 1
    side note: choosing the cipher is just one part in protecting the credit card data; and compared to the other tasks quite frankly a minor one. Asking this question and the way you did it _suggests_ that you're a long way from implementing e.g. the dss guidelines. It _might_ be better if you'd ask your cc processor for a solution. – VolkerK Nov 19 '15 at 13:04
  • @svrnm ok, but generally it would be a good way to go with aes-128-cbc for credit card numbers? – user4271704 Nov 19 '15 at 13:05
  • 1
    No, and it's not that AES-128-CBC is insecure. If you're storing credit card numbers, getting hacked is **game over** for every customer you've ever had. Don't store them unless you have to, and if you do, use asymmetric-key cryptography. Encrypt it with a public key (using a sealing API) and never let the corresponding private key go near the public Internet. – Scott Arciszewski Nov 19 '15 at 14:59
  • @svrnm The most important thing is the key; if the site gets hacked and they can see the key in config.php, neither mcrypt nor openssl is useful. So a formula should be applied to the key before using it, so hackers still need to log in to the admin area to use it, as that key is useless to decrypt outside the application. Can you suggest a good formula to be applied to the key before usage? – user4271704 Nov 20 '15 at 11:28
  • I have to agree with @ScottArciszewski: Don't store credit card numbers unless you have to. If this is *really* a requirement, you should ask (or hire) an expert... encrypting the numbers and putting the key into a config file is a *really* bad idea. – svrnm Nov 20 '15 at 11:55
  • @svrnm so where to put the key? Even in database is bad idea. I was thinking to apply a formula on the key before using it. So how would be a good formula? – user4271704 Nov 20 '15 at 12:52
  • @user4271704 If you're following my recommendation, which is to use [asymmetric-key cryptography](https://paragonie.com/blog/2015/11/choosing-right-cryptography-library-for-your-php-project-guide#libsodium), you can drop the public key anywhere. If you're ignoring my advice and just using symmetric-key cryptography, you might as well drop it into /var/www/public_html/please_defraud_my_customers.txt – Scott Arciszewski Nov 20 '15 at 14:14
  • @ScottArciszewski I prefer to follow your recommendation, when they enter CC, it will be encrypted by public key which is present on server, but only manually can be decrypted by admin by private key that is not present on server? right? If yes, this http://framework.zend.com/manual/current/en/modules/zend.filter.set.html#encryption-with-openssl requires both private/public Keys for both encryption/decryption so I guess it should not be good to use this lib? If no, can you suggest any better lib for this job? – user4271704 Nov 20 '15 at 14:35
  • @user4271704 I would hold off on deploying Zend Framework's public key cryptography until at least their next security release (which should be *soon*). I reported something pernicious. If you need a solution today: Try libsodium, and only if you absolutely cannot use libsodium, consider [EasyRSA](https://github.com/paragonie/EasyRSA). – Scott Arciszewski Nov 20 '15 at 14:37
  • @ScottArciszewski sodiumlib is not .php, so I guess I should go with EasyRSA instead of ZF2 and instead of symmetric-key cryptography, and I will be fine to encrypt CC with it ONLY if the private key is not present on the server, and only when needed an admin should enter it to decrypt it, so there is no automatic decrypt on the server, but only manually, right? – user4271704 Nov 20 '15 at 14:45
  • Precisely. Also: https://en.wikipedia.org/wiki/Air_gap_%28networking%29 – Scott Arciszewski Nov 20 '15 at 14:45
  • @ScottArciszewski Since this is not automatic decryption, how should the system process the recurring renewal invoices? – user4271704 Nov 20 '15 at 14:49
  • Let us [continue this discussion in chat](http://chat.stackoverflow.com/rooms/95717/discussion-between-scott-arciszewski-and-user4271704). – Scott Arciszewski Nov 20 '15 at 14:55
  • to get the IV size to be used with mcrypt or openssl, the block size will be divided by 8? I know there are functions to get IV size, but I need to know if IV size is based on block size converted into bytes dividing it into 8? – user4271704 Jan 04 '16 at 09:40

2 Answers

5

First of all, there is no AES-512. AES is specified with key lengths 128, 192 and 256. Next, please be careful not to mix up Rijndael with AES! AES is based on Rijndael, but the latter also provides choices for the block length. This block length is changeable in PHP using the constants MCRYPT_RIJNDAEL_128, MCRYPT_RIJNDAEL_192, MCRYPT_RIJNDAEL_256.

Finally, please avoid using mcrypt. There are better options, i.e. openssl:

If you're writing code to encrypt/decrypt data in 2015, you should use openssl_encrypt() and openssl_decrypt(). The underlying library (libmcrypt) has been abandoned since 2007, and performs far worse than OpenSSL (which leverages AES-NI on modern processors and is cache-timing safe).

Also, MCRYPT_RIJNDAEL_256 is not AES-256, it's a different variant of the Rijndael block cipher. If you want AES-256 in mcrypt, you have to use MCRYPT_RIJNDAEL_128 with a 32-byte key. OpenSSL makes it more obvious which mode you are using (i.e. 'aes-128-cbc' vs 'aes-256-ctr').

Source and further reading: https://secure.php.net/manual/de/function.mcrypt-encrypt.php#117667

svrnm
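To make the point of this answer concrete, here is an added example (my own code, not the answer's or the PHP manual's; it assumes PHP 8 with the openssl extension and uses hypothetical helper names): AES-128, AES-192 and AES-256 are selected purely by the key length passed to openssl_encrypt(), share the same 16-byte block and CBC IV, and are wrapped in an encrypt-then-MAC construction because CBC on its own does not detect tampering.

```php
<?php
declare(strict_types=1);
// Added example, not code from the answer or from PHP's manual; assumes PHP 8
// with the openssl extension. AES-128/192/256 differ only in key length: the
// block (and CBC IV) is always 16 bytes, and openssl_encrypt() carries the key
// size in the cipher name, so that name is derived here from the key held.
function aesCipherForKey(string $key): string
{
    // 16/24/32-byte keys select AES-128/192/256; other lengths are rejected
    // rather than silently padded or truncated, which is what mcrypt did.
    $bits = match (strlen($key)) {
        16 => 128, 24 => 192, 32 => 256,
        default => throw new InvalidArgumentException('AES keys are 16, 24 or 32 bytes'),
    };
    return "aes-$bits-cbc";
}
// Encrypt-then-MAC: CBC alone does not detect tampering, so separate encryption
// and MAC subkeys are derived from the master key and IV + ciphertext are HMACed.
function aesEncrypt(string $plaintext, string $key): string
{
    $cipher = aesCipherForKey($key);
    $encKey = hash_hkdf('sha256', $key, strlen($key), 'enc');
    $macKey = hash_hkdf('sha256', $key, 32, 'mac');
    $iv = random_bytes(openssl_cipher_iv_length($cipher)); // 16 for every AES key size
    $ct = openssl_encrypt($plaintext, $cipher, $encKey, OPENSSL_RAW_DATA, $iv);
    if ($ct === false) { throw new RuntimeException('openssl_encrypt failed'); }
    return hash_hmac('sha256', $iv . $ct, $macKey, true) . $iv . $ct;
}
function aesDecrypt(string $blob, string $key): string
{
    $cipher = aesCipherForKey($key);
    $encKey = hash_hkdf('sha256', $key, strlen($key), 'enc');
    $macKey = hash_hkdf('sha256', $key, 32, 'mac');
    [$tag, $iv, $ct] = [substr($blob, 0, 32), substr($blob, 32, 16), substr($blob, 48)];
    // Constant-time tag check before the ciphertext is touched at all.
    if (!hash_equals(hash_hmac('sha256', $iv . $ct, $macKey, true), $tag)) {
        throw new RuntimeException('authentication failed: ciphertext was modified');
    }
    $pt = openssl_decrypt($ct, $cipher, $encKey, OPENSSL_RAW_DATA, $iv);
    if ($pt === false) { throw new RuntimeException('openssl_decrypt failed'); }
    return $pt;
}
// Constructed demo: the IV size is the same for all three; only the name changes.
foreach ([16, 24, 32] as $len) {
    $key = random_bytes($len);
    $cipher = aesCipherForKey($key);
    $ok = aesDecrypt(aesEncrypt('sample plaintext', $key), $key) === 'sample plaintext';
    printf("%s: iv=%d bytes, roundtrip %s\n", $cipher, openssl_cipher_iv_length($cipher), $ok ? 'ok' : 'FAIL');
}
```

The loop prints `iv=16 bytes` for all three ciphers, which also answers the later IV-size question: for AES the IV equals the 128-bit block size divided by 8, regardless of key length.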
  • for CC number encryption with openssl_encrypt, this method $method = 'aes-128-cbc' with a 32-bytes password is fair? – user4271704 Nov 19 '15 at 12:50
  • what is "CC number encryption"? – svrnm Nov 19 '15 at 12:54
  • I want to use openssl_encrypt to encrypt credit numbers in db. I know about PCI compliancy, but here I am just asking about credit card encryption, please advice. – user4271704 Nov 19 '15 at 12:55
  • 1
    I wouldn't *just* encrypt data without being well informed. I'm not an expert on that matter, so maybe you should read on, e.g.: https://stackoverflow.com/questions/9262109/php-simplest-two-way-encryption/30189841#30189841 – svrnm Nov 19 '15 at 13:06
  • 2
    Avoid ever storing credit card numbers unless you happen to be a payment processor for the banks. Seriously. But if you need to keep credit card numbers, [install libsodium and use `\Sodium\crypto_box_seal()`](https://paragonie.com/white-paper/2015-secure-php-data-encryption#crypto-seal) with a public key. Keep the corresponding secret key offline. – Scott Arciszewski Nov 19 '15 at 14:51
  • AES-512 does exist, however it is a completely different standard that only partially resembles AES-128. – Erkin Alp Güney Dec 09 '21 at 19:14
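The sealed-box approach recommended in the comments above, as an added example (my own code, not from any commenter or from libsodium's documentation; assumes PHP 7.2 or later with the bundled sodium extension, and the function names are hypothetical): the server only ever holds the public key, so nothing in config.php lets an attacker who reads it decrypt the stored data.

```php
<?php
declare(strict_types=1);
// Added example, not code from the comment above or from libsodium; assumes
// PHP >= 7.2 with the bundled sodium extension. The sealed-box pattern: the
// web server holds only the public key, the keypair stays on an offline
// machine, so a server compromise (config file included) reveals nothing.

// Run once on the offline machine; only 'publicKey' is copied to the server.
function generateOfflineKeypair(): array
{
    $keypair = sodium_crypto_box_keypair();
    return [
        'keypair'   => $keypair,                              // never leaves the offline box
        'publicKey' => sodium_crypto_box_publickey($keypair), // safe to put in config.php
    ];
}

// Runs on the web server: encrypting needs no secret material at all.
function sealForOffline(string $plaintext, string $publicKey): string
{
    // Ephemeral sender key + authenticated encryption, handled inside libsodium.
    return sodium_crypto_box_seal($plaintext, $publicKey);
}

// Runs only where the full keypair exists; tampering surfaces as an exception.
function openSealed(string $sealed, string $keypair): string
{
    $pt = sodium_crypto_box_seal_open($sealed, $keypair);
    if ($pt === false) {
        throw new RuntimeException('sealed box rejected: wrong key or modified data');
    }
    return $pt;
}

// Constructed demo of the two halves of the workflow.
$keys = generateOfflineKeypair();
$sealed = sealForOffline('constructed sample record', $keys['publicKey']); // server side
echo 'offline side recovered: ', openSealed($sealed, $keys['keypair']), "\n";

// A single flipped byte in storage is detected rather than decrypted to garbage.
$tampered = $sealed;
$tampered[0] = chr(ord($tampered[0]) ^ 0x01);
try {
    openSealed($tampered, $keys['keypair']);
} catch (RuntimeException $e) {
    echo $e->getMessage(), "\n";
}
sodium_memzero($keys['keypair']); // wipe the secret once the offline job is done
```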
0

Within AES, the -xxx is the key length; however, I believe the three AES ciphers supported by PHP are AES-128, AES-192 and AES-256.

Liam Wiltshire
  • So for AES-256 should I use a 32-characters key? and AES-256 is more secure than the two other? – user4271704 Nov 19 '15 at 12:31
  • -xxx is the block length, not the keylength! – svrnm Nov 19 '15 at 12:35
  • Using mcrypt_get_key_size() will return the required length of key for any cipher; yes, a longer key will be harder to crack. – Liam Wiltshire Nov 19 '15 at 12:36
  • @svrnm This is wrong. Please don't confuse AES and Rijndael. – Artjom B. Nov 19 '15 at 12:38
  • @ArtjomB.: I'm not confusing them, I'm just stating that _XXX is not the keylength for MCRYPT_RIJNDAEL_XXX but maybe that is not what Liam Wiltshire meant... I'm sorry. – svrnm Nov 19 '15 at 12:42
  • @svrnm Liam didn't even mention Rijndael, so this answer has its problems. – Artjom B. Nov 19 '15 at 12:43
  • So, just for clarification: AES-128, AES-192 and AES-256 are all rijndael_128 i.e. rijndael with a _block_ size of 128 bit and _key_ sizes 128,192 and 256 respectively. – VolkerK Nov 19 '15 at 12:48