After taking into accound answers for my questions here and here I created (well may-be) improved version of my wrapper. The key issue was what if an attacker is knowing what is encoded - he might then find the key and encode another messages. So I added XOR before encryption. I also in this version prepend IV to the data as was suggested.
sha256 on key is only for making sure the key is as long as needed for the aes alg, but I know that key should not be plain text but calculated with many iterations to prevent dictionary attack
function aes192ctr_en($data,$key) {
$iv = mcrypt_create_iv(24,MCRYPT_DEV_URANDOM);
$xor = mcrypt_create_iv(24,MCRYPT_DEV_URANDOM);
$key = hash_hmac('sha256',$key,$iv,true);
$data = $xor.((string)$data ^ (string)str_repeat($xor,(strlen($data)/24)+1));
$data = hash('md5',$data,true).$data;
return $iv.mcrypt_encrypt('rijndael-192',$key,$data,'ctr',$iv);
}
function aes192ctr_de($data,$key) {
$iv = substr($data,0,24);
$data = substr($data,24);
$key = hash_hmac('sha256',$key,$iv,true);
$data = mcrypt_decrypt('rijndael-192',$key,$data,'ctr',$iv);
$md5 = substr($data,0,16);
$data = substr($data,16);
if (hash('md5',$data,true)!==$md5) return false;
$xor = substr($data,0,24);
$data = substr($data,24);
$data = ((string)$data ^ (string)str_repeat($xor,(strlen($data)/24)+1));
return $data;
}
$encrypted = aes192ctr_en('secret text','password');
echo $encrypted;
echo aes192ctr_de($encrypted,'password');
another question is if ctr mode is ok in this context, would it be better if I use cbc mode ?
Again, by safe I mean if an attacter could guess password if he knows exact text that was encrypted and knows above method. I assume random and long password here.
Maybe instead of XOR will be safer to random initial data with another run of aes or other simpler alg like TEA or trivium ?
