Backwards Compatibility with PHP 7 and Mcrypt Key Sizes

We recently upgraded a server to PHP 7 that interacts, via a client API, with an older server running PHP 5.5. One of the authentication mechanisms uses the mcrypt_encrypt function. An interesting problem arose in the client library, as the mcrypt module was deprecated in PHP 5.6 with breaking changes:

Invalid key and iv sizes are no longer accepted. mcrypt_encrypt() will now throw a warning and return FALSE if the inputs are invalid. Previously keys and IVs were padded with '\0' bytes to the next valid size.
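The implicit padding described in that note can be made explicit on the PHP 7 side so the client derives the same key bytes the PHP 5.5 server ends up using. This is an added example, not code from the original post; the function name, the sample secret, and the choice of Rijndael-128 in CBC mode (key sizes of 16, 24 and 32 bytes) are assumptions.

```php
<?php
/**
 * Pad $value with "\0" bytes up to the smallest entry in $validSizes that
 * fits it, mirroring what mcrypt did implicitly before the breaking change.
 * Hypothetical helper, not part of any library.
 */
function legacy_zero_pad(string $value, array $validSizes): string
{
    sort($validSizes);
    $len = strlen($value);
    foreach ($validSizes as $size) {
        if ($len <= $size) {
            return str_pad($value, $size, "\0"); // pads on the right by default
        }
    }
    // Oversized input is rejected here rather than guessed at.
    throw new InvalidArgumentException(
        "value of $len bytes exceeds the largest valid size"
    );
}

// Constructed sample secret (12 bytes); Rijndael accepts 16, 24 or 32.
$secret = 'short-secret';
$key    = legacy_zero_pad($secret, [16, 24, 32]);

printf("original: %d bytes, padded: %d bytes\n", strlen($secret), strlen($key));
printf("key hex:  %s\n", bin2hex($key));

// Only runs where the mcrypt extension is still installed.
if (function_exists('mcrypt_encrypt')) {
    $ivSize = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC);
    $iv     = random_bytes($ivSize); // fresh IV of the exact required size
    $ct     = mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $key, 'payload', MCRYPT_MODE_CBC, $iv);
    var_dump($ct !== false);
}
```

A zero-padded key is only as strong as the original short secret, so the padding restores compatibility without adding any key strength.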
