0

I use this code for encrypt and decrypt string.
but this code create question mark

$key="123456789098776545433322";
$test=mcrypt_ecb (MCRYPT_3DES, $key, 'test', MCRYPT_ENCRYPT);
$result=mcrypt_ecb (MCRYPT_3DES, $key, $test, MCRYPT_DECRYPT);  
<input type="text"     value="<?=$result?>"   name="test">

result is

test����

paranoid
  • 6,799
  • 19
  • 49
  • 86
  • 2
    First of all, `mcrypt_ecb` is deprecated http://php.net/manual/en/function.mcrypt-ecb.php. I suggest you to check for alternative rather than this. – Mittul At TechnoBrave Apr 17 '17 at 09:19
  • @hassan this is my header – paranoid Apr 17 '17 at 09:22
  • 1
    For Alternative, check this out - http://stackoverflow.com/questions/41272257/php-7-mcrypt-deprecated-need-alternative – Mittul At TechnoBrave Apr 17 '17 at 09:24
  • 3
    @hassan It isn't about encoding. Those are NULL bytes. – Álvaro González Apr 17 '17 at 09:25
  • You can also check this out - http://php.net/manual/en/function.mcrypt-generic.php – Mittul At TechnoBrave Apr 17 '17 at 09:27
  • just do this once `$result = trim($result);` – Mittul At TechnoBrave Apr 17 '17 at 09:33
  • 1
    http://stackoverflow.com/questions/275411/php-output-showing-little-black-diamonds-with-a-question-mark/15138120 – Mittul At TechnoBrave Apr 17 '17 at 09:34
  • 2
    **Never use [ECB mode](http://crypto.stackexchange.com/q/14487/13022)**. It's deterministic and therefore not semantically secure. You should at the very least use a randomized mode like [CBC](http://crypto.stackexchange.com/q/22260/13022) or [CTR](http://crypto.stackexchange.com/a/2378/13022). It is better to authenticate your ciphertexts so that attacks like a [padding oracle attack](http://crypto.stackexchange.com/q/18185/13022) are not possible. This can be done with authenticated modes like GCM or EAX, or with an [encrypt-then-MAC](http://crypto.stackexchange.com/q/202/13022) scheme. – Artjom B. Apr 17 '17 at 09:52
  • 1
    **Don't use Triple DES nowadays.** It only provides at best 112 bit of security even if you use the largest key size of 192 bit. If a shorter key size is used, then it only provides 56 or 57 bits of security. AES would be faster (processors have a special AES-NI instruction set) and even more secure with the lowest key size of 128 bit. There is also a practical limit on the maximum ciphertext size with 3DES. See [Security comparison of 3DES and AES](http://security.stackexchange.com/q/26179/45523). – Artjom B. Apr 17 '17 at 09:52
  • 1
    **Don't use mcrypt nowadays**, because it is abandonware containing many bugs. – Artjom B. Apr 17 '17 at 09:53

0 Answers0