Use of Initialization Vector in openssl_encrypt

by

An IV is generally a random number that guarantees the encrypted text is unique.

To explain why it’s needed, let’s pretend we have a database of people’s names encrypted with the key ‘secret’ and no IV.

1 John dsfa9p8y098hasdf
2 Paul po43pokdfgpo3k4y
3 John dsfa9p8y098hasdf

If John 1 knows his cipher text (dsfa9p8y098hasdf) and has access to the other cipher texts, he can easily find other people named John.

Now in actuality, an encryption mode that requires an IV will always use one. If you don’t specify an IV, it’s automatically set to a bunch of null bytes. Imagine the first example but with a constant IV (00000000).

1 John dsfa9p8y098hasdf 00000000
2 Paul po43pokdfgpo3k4y 00000000
3 John dsfa9p8y098hasdf 00000000

To prevent repeated cipher texts, we can encrypt the names using the same ‘secret’ key and random IV’s:

1 John sdf875n90mh28458 86714561
2 Paul fg9087n5b60987nf 13541814
3 John gjhn0m89456vnler 44189122

As you can see, the two ‘John’ cipher texts are now different. Each IV is unique and has influenced the encryption process making the end result unique as well. John 1 now has no idea what user 3’s name is.

Decryption requires the use of the same IV the text was encrypted with of course, which is why it must be stored along side the encrypted data. For decryption the IV is useless‡ without the key though so transmitting or storing it with the encrypted text is of no concern.

This is an overly simplistic example but the truth is, not using IV’s has serious security ramifications, which is the reason IV’s exist in the first place. Undoubtedly, countless IV-less encryption implementations have been exploited.

‡ As my security knowledge has progressed, I’ve learned that there are some more complicated exploits for various block cipher modes and concatenation techniques (not particularly related to the concatenation methodology described below) that can utilize IV’s to attain keys. Notable examples exploit RC4 data streams to determine the keys and decrypt wi-fi traffic for older technologies like WEP and WPA:

Now, your code appears to be setting the IV (1234567812345678) but not using it on decryption. That’s certain to fail.

You also may want to utilize some of PHP’s IV generation functions. I think this should work for you:

$iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC);
$iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
$encryptedMessage = openssl_encrypt($textToEncrypt, $encryptionMethod, $secretHash, 0, $iv);
$decryptedMessage = openssl_decrypt($encryptedMessage, $encryptionMethod, $secretHash, 0, $iv);

For storage/transmission, one option is to simply concatenate the IV and cipher text like so:

$data = $iv.$encryptedMessage;

Then on retrieval, pull the IV out for decryption:

$iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC);
$iv = substr($data, 0, $iv_size);
$decryptedMessage = openssl_decrypt(substr($data, $iv_size), $encryptionMethod, $secretHash, 0, $iv);

If you’re storing the IV in a database for example, you could also store the IV in an adjacent column to simplify the extraction process.

For more info, check out PHP’s Mcrypt library. It’s quite full featured and has tons of examples, many of which can help you out with openssh encryption implementations.
http://php.net/manual/en/function.mcrypt-encrypt.php

An obligatory security disclaimer: My words describe the simplest of simple concepts in the simplest possible way. In the reach and depth of my knowledge, I am an absolute novice. Even the best of the best security researchers and experts introduce encryption vulnerabilities all the time. Even so, the less you write on your own, the better off your users, customers, family, and friends will be. No offense! While it’s fun, interesting, and even practical to learn about encryption theory, especially applied to computer science in something as accessible as PHP, staying up to date with best practices and using the latest trusted libraries is going to provide the most secure systems for 99.9999999% of us. Nothing is perfect, but it’s best to stand on the shoulders of giants. As a wise man probably might have said, “The more you learn the more you realize how little you know.”

More Related Contents:

  1. Generating cryptographically secure tokens
  2. How Secure Is This Login System? (Using Cookies In PHP)
  3. What are the best practices for avoiding xss attacks in a PHP site [closed]
  4. When should I use prepared statements?
  5. “Keep Me Logged In” – the best approach
  6. Full Secure Image Upload Script
  7. Preparing for removal of Mcrypt in PHP 7.2
  8. How safe are PHP session variables?
  9. Generating a random password in php
  10. What does it mean to escape a string?
  11. Preventing session hijacking
  12. Why is using a mysql prepared statement more secure than using the common escape functions?
  13. Are mysql_real_escape_string() and mysql_escape_string() sufficient for app security?
  14. how safe are PDO prepared statements
  15. “slash before every quote” problem [duplicate]
  16. How to create a laravel hashed password
  17. How to run PHP exec() as root?
  18. Hiding true database object ID in url’s
  19. SSL operation failed with code 1: dh key too small
  20. You must enable the openssl extension to download files via https
  21. CodeIgniter – why use xss_clean
  22. Session hijacking and PHP
  23. Codeigniter CSRF – how does it work
  24. How to protect my source code when deployed?
  25. Check if http request comes from my android app
  26. Unique key generation
  27. Is it possible to execute PHP with extension file.php.jpg?
  28. When to use filter_input()
  29. Proper session hijacking prevention in PHP
  30. Fatal error: Call to undefined function openssl_random_pseudo_bytes()

Leave a Comment