- 필수 기능
- 시작하기
- Glossary
- 표준 속성
- Guides
- Agent
- 통합
- 개방형텔레메트리
- 개발자
- Administrator's Guide
- API
- Datadog Mobile App
- CoScreen
- Cloudcraft
- 앱 내
- 서비스 관리
- 인프라스트럭처
- 애플리케이션 성능
- APM
- Continuous Profiler
- 스팬 시각화
- 데이터 스트림 모니터링
- 데이터 작업 모니터링
- 디지털 경험
- 소프트웨어 제공
- 보안
- AI Observability
- 로그 관리
- 관리
ID: php-security/mcrypt-deprecated
Language: PHP
Severity: Error
Category: Security
CWE: 327
The Mcrypt library has been deprecated as of PHP 7.1.0 and removed entirely in PHP 7.2.0. Its use in modern applications is strongly discouraged due to its outdated and insecure cryptographic algorithms.
Using deprecated encryption methods can lead to significant security vulnerabilities, including susceptibility to brute force attacks and other forms of cryptographic hacking. These vulnerabilities can lead to the exposure of sensitive user data, which can have severe legal and reputational consequences.
To avoid this, it is recommended to use modern and secure encryption methods, such as the openssl_encrypt
function with “aes-256-gcm” cipher method or the sodium_crypto_aead_aes256gcm_encrypt
function. These methods provide strong encryption and are actively maintained, ensuring that your application remains secure against the latest threats. Maintaining an awareness of current best practices in cryptographic security is an essential part of responsible PHP development.
<?php
// Weak encryption using openssl with DES
$key = "key";
$data = "Sensitive Data";
openssl_encrypt($data, "des-ofb", $key, $options=OPENSSL_RAW_DATA, $iv); // Noncompliant
<?php
// Weak encryption using mcrypt with DES and ECB mode
$key = 'bad-key-';
$data = 'Sensitive Data';
$encryptedData = mcrypt_encrypt(MCRYPT_DES, $key, $data, MCRYPT_MODE_ECB);
<?php
// Strong encryption using sodium with aes-256
$key = "key";
$data = "Sensitive Data";
$nonce = "fh574569";
sodium_crypto_aead_aes256gcm_encrypt($data, '', $nonce, $key);
<?php
// Strong encryption using openssl with aes-256
$key = "key";
$data = "Sensitive Data";
openssl_encrypt($data, "aes-256-gcm", $key, $options=OPENSSL_RAW_DATA, $iv);