Posted by Scott Arciszewski on Jan 16
Consider this email the spiritual successor to my most recent post on Full
Disclosure (http://seclists.org/fulldisclosure/2016/Jan/50).
Today, we’re going to talk about this library:
https://github.com/gilfether/phpcrypt/issues/6
Let’s go down the list:
- [x] Wrote their own block cipher implementation
- [x] …in PHP…
- [x] …and forgot to account for function overloading!
- [x] Chosen-ciphertext attacks (The existence for which…