| Server IP : 79.136.114.73 / Your IP : 18.191.89.23 Web Server : Apache/2.4.7 (Ubuntu) PHP/5.5.9-1ubuntu4.29 OpenSSL/1.0.1f System : Linux b8009 3.13.0-170-generic #220-Ubuntu SMP Thu May 9 12:40:49 UTC 2019 x86_64 User : www-data ( 33) PHP Version : 5.5.9-1ubuntu4.29 Disable Function : pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority, MySQL : ON | cURL : ON | WGET : ON | Perl : ON | Python : ON | Sudo : ON | Pkexec : ON Directory : /usr/share/doc/libmcrypt-dev/ |
Upload File : |
Mcrypt 2.1 was insecure (vulnerable to brute force attack for weak keys) because it just used the plainkey as it was given by the user as algorithm's key. The solution seems to be a function which tranforms the key given by the user to a real -random looking- key. There are many functions that may convert a password or a passphrase to a key. Most of them use hash algorithms. You can find some implementations at the libmhash package at: http://mhash.sourceforge.net