It essentially wins crypto vulnerability bingo! gilfether/phpcrypt

Posted by Scott Arciszewski on Jan 16

Consider this email the spiritual successor to my most recent post on Full
Disclosure (http://seclists.org/fulldisclosure/2016/Jan/50).

Today, we’re going to talk about this library:
https://github.com/gilfether/phpcrypt/issues/6

Let’s go down the list:

– [x] Wrote their own block cipher implementation
– [x] …in PHP…
– [x] …and forgot to account for function overloading!
– [x] Chosen-ciphertext attacks (The existence for which…
