On AWS Amazon Linux if you are using php 7.0.X version
then please use this command to install mcrypt library.
[ec2-user@12.123.123.123 ~] sudo yum install php70-mcrypt
PHP - Manual:
2024-04-18
警告
This feature was DEPRECATED in PHP 7.1.0, and REMOVED in PHP 7.2.0.
Alternatives to this feature include:
注意:
此扩展已被移至 » PECL 资源库且不再与 PHP 捆绑。7.2.0.
本扩展是 mcrypt 库的接口,mcrypt 库提供了对多种块算法的支持, 包括:DES,TripleDES,Blowfish (默认), 3-WAY,SAFER-SK64,SAFER-SK128,TWOFISH,TEA,RC2 以及 GOST,并且支持 CBC,OFB,CFB 和 ECB 密码模式。 甚至,它还支持诸如 RC6 和 IDEA 这两种“非免费”的算法。 默认情况下,CFB/OFB 是 8 比特的。
add a note
User Contributed Notes 3 notes
info at neutrosolutions dot com ¶
5 years ago
enclaved ¶
4 years ago
Avoiding mcrypt is only half of the advice. The other half: NEVER do crypto in PHP in the first place! It is a very sloppy and most likely insecure enterprise. If you think you need PHP-based crypto to do something, then be advised that this fact is an alarming signal that something about your application design is very wrong. PHP is neither the right tool nor the right environment for cryptography. Just remember this single rule of thumb: cryptographic secrets must never cross subsystem/layer boundaries:
Database <-- ! --> CGI program <-- ! --> HTTP server
Cryptographic tasks are performed either by the HTTP server (e.g. authentication of users with client SSL certificates) or the RDBMS (e.g. password-based access to data), and these tasks must be ENCAPSULATED inside the facility, self-contained. For example, if you store KDF-derived digests of passwords in an SQL database, you must NOT compare digests in PHP, but only in SQL queries or stored procedures. Once produced and put into the database, a password digest (or any other sensitive data) must not exit it in any way as-is, be it a SELECT query or some other way, that is considered a leak in the cryptosystem. Use ONLY database-provided means to perform any crypto operations.
As PostgreSQL is the usual database of choice for technically advanced and sound WWW or intranet sites, my advice is to use its pgcrypto extension, it is mature, well-tested, and has all the right tools. Here's a textbook password handling example to illustrate how secrets can be confined within the database layer without extracting them into the PHP layer. Password digest derivation and storing:
INSERT INTO account (digest) VALUES (crypt('password', gen_salt('bf'));
Verification:
SELECT digest = crypt('password', gen_salt(digest)) FROM account;
Exceptionally simple, elegant, clean, and secure (Blowfish is more than enough for user-set passwords), isn't it? And the best part about it: no PHP involved in crypto!
c dot light93 at gmail dot com ¶
7 years ago
if you get a "The mcrypt extension is missing" alert somewhere, use
"sudo php5enmod mcrypt" and restart your server to enable it.
IT
PHP
编程语言
Linux
科技
开发编程
Elasticsearch
HTML/CSS/XML
网络
JAVA
NoSQL
C/C++
面试
Golang
数据库
Git
算法
正则表达式
操作系统
Redis
互联网
MySql
JavaScript
运维
软件
架构设计
Mac OS
TCP/IP
国际
Excel
Vim
Windows
Socket
Oracle
VR
MongoDB
运营
Python
MemCache
商业
硬件
电子
设计
nginx
娱乐
摄影
游戏
WordPress
HTTP
团建
数码电器
广告
广告
php7 安装fileinfo扩展
preg_split — 通过一个正则表达式分隔字符串
[PHP] inet_pton/inet_ntop IP地址转换函数
php位值,解决 PHP 中 usort 在值相同时改变原始位置的问题
PHPMailer设置utf8 PHPMailer字符集CharSet
如何在Composer中为GitLab实例设置访问令牌
array_multisort() 多字段排序
laravel框架查看sql语句方式
[原创]诡异的php-fpm超时问题
PHP获取指定函数定义在哪个文件中及行号
PHP5 扩展SOAP 调用 webservice
php设置cookie为httponly防止xss攻击
利用php soap实现web service
PHP-FPM进程数的设定
利用PHP SOAP实现WEB SERVICE
PHPstorm 里面Terminal 不能使用 esc键吗退出编辑模式吗
纯php实现DES以及TripleDES加密算法
PHP注释规范
php上周一、本周一、下周一日期
Composer的Packagist资源