Here's a theoretical one that applies not only to PHP, but probably to more languages.
Say I am encrypting a string using the mcrypt library and AES-256. The encrypted string will now look like þøÆ{"ò(ü´îÚÜÇW¹ËŸK¯L‘rø?ª¶!JF£º+Œ’Ú'‚.
If the encryption key changes between decryption and encryption events, the decryption result will obviously be useless.
Since the encrypted string contains at least random characters, it would not be easy to run some kind of test on it to make sure that it is in an encrypted / decrypted state.
I spent some time thinking: how can I check if a string is decrypted correctly?
What if I attach a small prefix to the original string before encrypting it for the first time, and then delete this prefix after decryption? If this prefix was not found, it is safe to say that the decryption failed.
Would this be an appropriate way to handle this?
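As an added example (not part of the original post), here is the prefix check described in the question next to AES-256-GCM, whose authentication tag makes decryption itself fail on a wrong key. It uses PHP's OpenSSL extension rather than mcrypt; `MARKER`, the function names and the sample text are assumptions made for illustration.

```php
<?php
// Added example, not from the original post. MARKER and all function names are hypothetical.
const MARKER = "CHK1:"; // constructed known prefix

// The approach from the question: prepend a marker, then encrypt with AES-256-CBC.
function marker_encrypt(string $plain, string $key): string {
    $iv = random_bytes(16);
    return $iv . openssl_encrypt(MARKER . $plain, 'aes-256-cbc', $key, OPENSSL_RAW_DATA, $iv);
}

function marker_decrypt(string $blob, string $key): ?string {
    $pt = openssl_decrypt(substr($blob, 16), 'aes-256-cbc', $key, OPENSSL_RAW_DATA, substr($blob, 0, 16));
    // A wrong key usually fails the padding check (false). When it does not,
    // the output is garbage and the marker is missing.
    if ($pt === false || strncmp($pt, MARKER, strlen(MARKER)) !== 0) {
        return null;
    }
    return substr($pt, strlen(MARKER));
}

// Alternative: AES-256-GCM, where a 16-byte tag authenticates the whole ciphertext.
function gcm_encrypt(string $plain, string $key): string {
    $iv = random_bytes(12);
    $tag = '';
    $ct = openssl_encrypt($plain, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $iv, $tag);
    return $iv . $tag . $ct; // layout: 12-byte IV, 16-byte tag, ciphertext
}

function gcm_decrypt(string $blob, string $key): ?string {
    $pt = openssl_decrypt(substr($blob, 28), 'aes-256-gcm', $key, OPENSSL_RAW_DATA,
        substr($blob, 0, 12), substr($blob, 12, 16));
    return $pt === false ? null : $pt;
}

$key   = random_bytes(32);
$other = random_bytes(32);
$msg   = str_repeat('constructed sample text ', 3); // constructed input spanning several AES blocks

$a = marker_encrypt($msg, $key);
$b = gcm_encrypt($msg, $key);
// Correct key: both round-trip. Wrong key: both report failure with null.
var_dump(marker_decrypt($a, $key) === $msg, gcm_decrypt($b, $key) === $msg);
var_dump(marker_decrypt($a, $other), gcm_decrypt($b, $other));

// Integrity: change one byte in the middle of each stored blob, then decrypt with the right key.
$a[40] = $a[40] ^ "\x01";
$b[40] = $b[40] ^ "\x01";
// The marker sits in the first block and is untouched, so the marker check still passes
// even though the recovered text has changed; the GCM tag no longer verifies.
var_dump(marker_decrypt($a, $key) !== null, gcm_decrypt($b, $key));
```

The marker answers only the question "was this the right key?", while the authentication tag also covers every byte of the stored ciphertext.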