Mcrypt Is Deprecated, What Is the Alternative

mcrypt is deprecated, what is the alternative?

It's best practice to hash passwords so they are not decryptable. This makes things slightly more difficult for attackers that may have gained access to your database or files.

If you must encrypt your data and have it decryptable, a guide to secure encryption/decryption is available at https://paragonie.com/white-paper/2015-secure-php-data-encryption. To summarize that link:

• Use Libsodium - A PHP extension
• If you can't use Libsodium, use defuse/php-encryption - Straight PHP code
• If you can't use Libsodium or defuse/php-encryption, use OpenSSL - A lot of servers will already have this installed. If not, it can be compiled with --with-openssl[=DIR]

PHP7.1 mcrypt alternative

You should use openssl_encrypt instead.

How to decrypt after Mcrypt deprecation?

I solved it.
Don't know if its the right way (guess not)
But connected remotely on a server with a lower php version.
Decrypted all the content and encrypted with OpenSSL.

Thanks for the suggestions!

mcrypt_create_iv alternative in PHP 7.3

From the documentation for that function:

Alternatives to this function include:

• random_bytes()

mcrypt is deprecated, what is the alternative?

It's best practice to hash passwords so they are not decryptable. This makes things slightly more difficult for attackers that may have gained access to your database or files.

If you must encrypt your data and have it decryptable, a guide to secure encryption/decryption is available at https://paragonie.com/white-paper/2015-secure-php-data-encryption. To summarize that link:

• Use Libsodium - A PHP extension
• If you can't use Libsodium, use defuse/php-encryption - Straight PHP code
• If you can't use Libsodium or defuse/php-encryption, use OpenSSL - A lot of servers will already have this installed. If not, it can be compiled with --with-openssl[=DIR]

---

Related Topics