Hi, I encountered an interesting problem with Zend_Filter_Encrypt_Mcrypt. We are hoping to use it to interact with a database that contains encrypted information. We set everything up, plugged our keys in, fired up the app... and nothing decrypted properly. After a little bit of digging, we found the issue: three lines of code in the encrypt() and decrypt() methods of the Mcrypt adapter.

    srand();
    $keysize = mcrypt_enc_get_key_size($cipher);
    $key = substr(md5($this->_encryption['key']), 0, $keysize);

This code appears to be in place to ensure that the key is the correct size. In doing so, it completely changes the actual value of the key. By modifying the key itself the code, for all intents and purposes, eliminates the possibility of Zend_Filter_Encrypt_Mcrypt being able to interact with any other, non-Zend Framework (or even non-Zend_Filter_Encrypt_Mcrypt) systems. In order for these filters to be useful to us, we need to be able to set the exact key that will be used for encryption.

Before we work around the issue here I have a couple of questions for this list:

1.) Am I correct in interpreting that the code above is simply a way of ensuring that the key is the correct size? Is it being used for any other purpose?

2.) Does anyone else see this as a potential issue for them?

3.) Would it be worth us modifying Zend_Filter_Encrypt_Mcrypt to ensure there is a way around the modification of keys? (If not, we may just fork a copy of the class for our own purposes.)

Thanks,
James
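
An added example, not part of the original post and not Zend Framework code: a Python sketch, standing in for the non-PHP side of an integration, that reproduces the key the quoted lines actually pass to mcrypt so it can be compared with the key a peer system was configured with. The function names, the sample key and the sample key sizes (24, 32, 56 bytes) are assumptions made for illustration.

```python
import hashlib

# PHP's md5() returns 32 lowercase hex characters by default, so the
# derived key is ASCII text drawn from 0-9a-f, never raw key bytes.
MD5_HEX_LEN = 32


def zend_effective_key(configured_key: bytes, keysize: int) -> bytes:
    """Reproduce substr(md5($key), 0, $keysize) from the quoted snippet."""
    hex_digest = hashlib.md5(configured_key).hexdigest()
    # substr() past the end of the string just returns what is there,
    # so a keysize above 32 still yields a 32-byte key.
    return hex_digest[:keysize].encode("ascii")


def max_entropy_bits(keysize: int) -> int:
    """Upper bound on key entropy: each hex character carries 4 bits."""
    return 4 * min(keysize, MD5_HEX_LEN)


def interop_report(configured_key: bytes, keysize: int) -> dict:
    """Summarise how the derived key differs from the configured one."""
    effective = zend_effective_key(configured_key, keysize)
    return {
        "effective_key": effective,
        "effective_len": len(effective),
        "requested_len": keysize,
        # False means a peer using the configured key directly
        # will not be able to decrypt, as described in the post.
        "same_as_configured": effective == configured_key,
        "max_entropy_bits": max_entropy_bits(keysize),
    }


if __name__ == "__main__":
    sample_key = b"0123456789abcdef0123456789abcdef"  # constructed sample
    for size in (24, 32, 56):  # assumed cipher key sizes, in bytes
        print(size, interop_report(sample_key, size))
```

A peer system that must read data written through the filter would need to use the `effective_key` bytes, not the configured key; the report also shows that the derived key never carries more than 128 bits of entropy, whatever key size the cipher accepts.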
