让我们一块一块地看看你的代码. (主要是化妆品/空白变化.)
function Encrypt($text)
{
global $salt; // Why not make this a second parameter?
if($text != "") { // An unusual check,for sure
return trim( // base64_encode doesn't leave whitespace
base64_encode(
mcrypt_encrypt(
MCRYPT_RIJNDAEL_256,// This is a non-standard variant of the
// Rijndael cipher. You want to use the
// MCRYPT_RIJNDAEL_128 constant if you
// wanted to use AES here.
$salt,// This is a key,not a salt!
$text,// ECB mode is the worst mode to use for
// cryptography. Among other reasons,it
// doesn't even use the IV. Search for
// ECB penguins for an idea of why ECB
// mode is such a bad idea.
mcrypt_create_iv(
mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256,MCRYPT_RAND // You're using ECB mode so this is a waste
// anyway,but you should use
// MCRYPT_DEV_URANDOM instead of MCRYPT_RAND
)
)
)
);
}
return "";
}
我强烈建议您不要使用此功能.这不安全. Don’t use ECB mode.
此外,unauthenticated encryption is dangerous和libmcrypt is abandonware.
211
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
