mcrypt_enc_get_key_size

(PHP 4 >= 4.0.2, PHP 5)

mcrypt_enc_get_key_size -- Returns the maximum supported keysize of the opened mode

Description

int mcrypt_enc_get_key_size ( resource td )

This function returns the maximum supported key size of the algorithm specified by the encryption descriptor td in bytes.


add a note add a note User Contributed Notes
terry _at_ scribendi_com
29-Apr-2005 06:06
The key size returned by this function is for keys consisting of 8-bit characters.  For example, 256-bit algorithms require 32-character keys.

However, if you are using alphanumeric keys [A-Za-z0-9] beware that strength is reduced, because you are only using a set of 64 characters, which could be represented in 6 bits.  You get: 6 x 32 = 192-bit encryption.

Avoid using string representations hashes - md5() or sha1() - because hex encoding uses a set of only 16 characters [0-9a-f], which is equivalent to 4 bits, and thus halve the strength of your encryption: 4 x 32 = 128-bit. 

A 64 character hex representation of an SHA-256 hash will not improve matters, because only the first 32 characters can be used. You need an 8-bit representation of SHA-256, or of two MD5s, to get full 256-bit strength.

The problem is somewhat reduced in OFB, CFB or CBC mode by the use of IVs, but only if you do not package your IV with the encrypted data.