On Sat, Aug 31, 2019 at 11:34 PM Leo Cavalcante <l...@leocavalcante.com> wrote:
> ... > Yeah, I was using a 256-bit length key with AES-128-CBC then trying to > decrypt it in another program never works. > > And in fact, its better to throw or even warn/notice about it instead of > silently allowing it, *what you think?* > I can't imagine a legitimate scenario necessitating too much, or too little, key bits. So, I think this is throw-worthy, perhaps a \RangeException. This isn't my area of expertise though -- so I'm copying Sara who, if memory serves, has recently been dealing with crypto. See also Bug #72247[1]. [1]:https://bugs.php.net/bug.php?id=72247
