Speed of different PHP mcrypt algorithms

Asked
Active3 hr before
Viewed126 times

6 Answers

different
90%

Here is full test benchmark for speed comparison for MCrypt versus OpenSSL in PHP (symmetric cyphers):, @forsberg This was tested on PHP 5.5. some time ago. However, PHP version does not matter in this case, since encryption / decryption algorithm is what determines CPU cycles. Similar results would be achieved also with PHP 7. AES is generally much faster algo. – lubosdz Sep 22 '17 at 20:37 ,I encrypted a simple string: "This is a test". The following results are for 1000 iterations (results are in second).,http://www.synet.sk/php/en/320-benchmarking-symmetric-cyphers-openssl-vs-mcrypt-in-php

I am using AES 256 (MCRYPT_RIJNDAEL_256), why? Because of the algorithm notoriety and widespread usage. I'm also encrypting using CBC mode, I don't understand exactly the reason why but from what I read from various sources it's much more reliable (as in secure) than ECB.

MCRYPT_RIJNDAEL_256

I am using AES 256 (MCRYPT_RIJNDAEL_256), why? Because of the algorithm notoriety and widespread usage. I'm also encrypting using CBC mode, I don't understand exactly the reason why but from what I read from various sources it's much more reliable (as in secure) than ECB.

CBC
load more v
88%

mcrypt_enc_self_test — Runs a self test on the opened module,mcrypt_module_self_test — This function runs a self test on the specified module,mcrypt_create_iv — Creates an initialization vector (IV) from a random source,mcrypt_generic_init — This function initializes all buffers needed for encryption

people using phpmyadmin are redirected to this manual
if they don 't have mcrypt installed. If you want to install mcrypt on debian, first check your php version:yourserver# php --versionThen install the appropriate version of mcrypt (php5-mcrypt if your php version is 5.x)yourserver# apt-get install php4-mcrypt...or...yourserver# apt-get install php5-mcrypt
load more v
72%

I run a test to check the speed of various mcrypt algos.,Proven algorithms: Cast-128, Gost, Rijndael-128, Twofish, Cast-256, Loki97, Rijndael-192, Saferplus, Blowfish-compat, Des, Rijndael-256, Serpent, Xtea, Blowfish, Rc2, Tripledes.,What mcrypt algo and mode are you using and why? I know that this depends on the situation, the level of security, etc., but give a few examples.,how to check if an array has value === null without a loop? - php

I am using AES 256 ( MCRYPT_RIJNDAEL_256 ), why? Due to the coherence of the algorithm and widespread use. I also encrypt using CBC mode, I don’t understand exactly why, but from what I read from different sources, it is much more reliable (as in security) than ECB.

MCRYPT_RIJNDAEL_256
load more v
65%

Look at this list of mcrypt ciphers and tell me how you would implement AES-256-CBC. If your code looks like this, you've just run headfirst into the first (and arguably most common) mcrypt design wart:,And here's the library written using OpenSSL., Our team specializes in studying real world cryptography implementations to assure their correctness and security. ,The rest of this post is intended for PHP developers who still want to write their own cryptography code, or already have.

Look at this list of mcrypt ciphers and tell me how you would implement AES-256-CBC. If your code looks like this, you've just run headfirst into the first (and arguably most common) mcrypt design wart:

function encryptOnly($plaintext, $key) {
   $iv = mcrypt_create_iv(16, MCRYPT_DEV_URANDOM);
   $ciphertext = mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $key, $plaintext, MCRYPT_MODE_CBC, $iv);
   return $iv.$ciphertext;
}
load more v
75%

So guys, there's plenty of different ciphers available - but which one is the safest to use nowadays?,Not only that, the IV must be random or you would be in violation of CWE-329. The reason why this is a problem is a bit more subtle and I didn't get it at first. You didn't mention this, but i hope you are using either the CBC or CMAC modes,List: http://www.php.net/manual/en/mcrypt.ciphers.php,...where "xx" is the length of your salt value. So the salt value has to be exactly 16, 24, or 32 characters in length.

If unsure use AES (also known as "Rijndael") with a 128-bit key. If you have developed some kind of fetish about key size then you could fulfill your irrational qualms by selecting a larger key, e.g. 192 or 256 bits; the extra cost is not high (+40% workload for AES-256, compared to AES-128, and it takes a very very fast network to actually observe that difference).

Beware that, regardless of the key size chosen, the correct mcrypt cipher for AES is always MCRYPT_RIJNDAEL_128. This is because the AES standard refers to the flavor of the Rijndael cipher with a 128-bit block size. If you want AES-256, you need to use MCRYPT_RIJNDAEL_128 with a 256-bit (32 byte) key, not MCRYPT_RIJNDAEL_256.

MCRYPT_RIJNDAEL_128

If unsure use AES (also known as "Rijndael") with a 128-bit key. If you have developed some kind of fetish about key size then you could fulfill your irrational qualms by selecting a larger key, e.g. 192 or 256 bits; the extra cost is not high (+40% workload for AES-256, compared to AES-128, and it takes a very very fast network to actually observe that difference).

Beware that, regardless of the key size chosen, the correct mcrypt cipher for AES is always MCRYPT_RIJNDAEL_128. This is because the AES standard refers to the flavor of the Rijndael cipher with a 128-bit block size. If you want AES-256, you need to use MCRYPT_RIJNDAEL_128 with a 256-bit (32 byte) key, not MCRYPT_RIJNDAEL_256.

MCRYPT_RIJNDAEL_128

If unsure use AES (also known as "Rijndael") with a 128-bit key. If you have developed some kind of fetish about key size then you could fulfill your irrational qualms by selecting a larger key, e.g. 192 or 256 bits; the extra cost is not high (+40% workload for AES-256, compared to AES-128, and it takes a very very fast network to actually observe that difference).

Beware that, regardless of the key size chosen, the correct mcrypt cipher for AES is always MCRYPT_RIJNDAEL_128. This is because the AES standard refers to the flavor of the Rijndael cipher with a 128-bit block size. If you want AES-256, you need to use MCRYPT_RIJNDAEL_128 with a 256-bit (32 byte) key, not MCRYPT_RIJNDAEL_256.

MCRYPT_RIJNDAEL_256
load more v
40%

Like most other classes in CodeIgniter, the Encryption library is initialized in your controller using the $this->load->library() method:,As noted above, MCrypt and OpenSSL support different sets of encryption ciphers. For portability reasons and because we haven’t tested them properly, we do not advise you to use the ones that are driver-specific, but regardless, here’s a list of most of them:,If you wish to use one of those ciphers, you’d have to pass its name in lower-case to the Encryption library.,Using CodeIgniter Libraries

$this - > load - > library('encryption');
load more v

Other "different-undefined" queries related to "Speed of different PHP mcrypt algorithms"