Page 1 of 1

Using an empty Initialization Vector (iv) is potentially insecure

Posted: Wed Jan 03, 2018 9:57 pm
by Evilonion
Any ideas how i can overcome this issue in my error logs?
Im using paypal Iframe as the payment method
Full SSL is forced across the entire site.

2018-01-03 13:51:17 - PHP Warning: openssl_encrypt(): Using an empty Initialization Vector (iv) is potentially insecure and not recommended in /var/sites/f/website.co.uk/public_html/newshop/system/library/encryption.php on line 23

Re: Using an empty Initialization Vector (iv) is potentially insecure

Posted: Thu Jan 04, 2018 6:44 am
by straightlight
Contact your host to upgrade your PHP v5.6 as well as the most compatible mySQLi library version. Your PHP version is outdated to support vector iv's security compliance.

Re: Using an empty Initialization Vector (iv) is potentially insecure

Posted: Wed Feb 07, 2018 5:14 am
by OSWorX
While this tip is nice, it will not solve your problem.
Because this is based on the way how the current encryption class works.

And this class simply does not use Initialization Vector (iv).

That means, either fill your log with stupid messages - or rework the encryption class to be 100% compatbile with current standards.

Re: Using an empty Initialization Vector (iv) is potentially insecure

Posted: Wed Feb 14, 2018 7:20 pm
by juliusnkemdiche
@EVILON, were you able to find a solution for this? I've experiencing the same issue.

Re: Using an empty Initialization Vector (iv) is potentially insecure

Posted: Thu Feb 15, 2018 5:53 am
by straightlight
juliusnkemdiche wrote:
Wed Feb 14, 2018 7:20 pm
@EVILON, were you able to find a solution for this? I've experiencing the same issue.
The solution is posted ... right above: viewtopic.php?f=202&t=200897#p709367

Re: Using an empty Initialization Vector (iv) is potentially insecure

Posted: Sun Jun 10, 2018 8:19 pm
by straightlight
That means, either fill your log with stupid messages - or rework the encryption class to be 100% compatbile with current standards.
Done. An updated solution has been posted here: viewtopic.php?f=198&t=204707&p=725370#p725077