Support » Plugin: Two Factor Auth » Does not work with the latest version of WordPress

  • Moved my site to the new hosting, and it just locked me down.

    Half a day later I turned on all the PHP warnings and saw this all over the place:

    Warning: mcrypt_decrypt(): Key of size 0 not supported by this algorithm. Only keys of sizes 16, 24 or 32 supported in /usr/share/nginx/html/blog/wp-content/plugins/two-factor-auth/class.TFA.php on line 394

    Pretty messed up.

  • … And that’s a very serious message indeed. It means that when it worked, it just didn’t provide any reasonable key to encrypt your data with.

    Lately, the PHP mcrypt module changed its behavior from padding keys and IVs with '\0' bytes to the next valid size to just refusing to work. “Key of size 0 not supported by this algorithm” here means that first the plugin provided no key data, then it got padded to 16 bytes with just zeros, and that byte string became the key. Essentially it means that data got encrypted with the same key of zeroes all the time.

    The author tried hard to build up his own encryption system instead of using something readily available, and failed. Consequently the plugin is insecure until this gets fixed, and luckily enough it’s unusable on the newer systems.

    TL;DR Do not use until the issue gets fixed.
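
The silent key padding described in the reply above, shown as an added example that is not part of the thread or the plugin's code. It assumes AES-128-CBC through PHP's OpenSSL extension, whose `openssl_encrypt()` is documented to pad a short passphrase with NUL bytes the way the reply says older mcrypt did; `encrypt_strict()` is a hypothetical helper and the sample data is constructed.

```php
<?php
// Added illustration; function names are hypothetical, not the plugin's.

const CIPHER   = 'aes-128-cbc';   // assumed cipher and mode
const KEY_SIZE = 16;              // bytes required by AES-128

/** Encrypts only when the key has exactly the length the cipher needs. */
function encrypt_strict(string $plaintext, string $key): string
{
    if (strlen($key) !== KEY_SIZE) {
        throw new InvalidArgumentException(
            sprintf('key must be %d bytes, got %d', KEY_SIZE, strlen($key))
        );
    }
    $iv = random_bytes(openssl_cipher_iv_length(CIPHER));
    $ct = openssl_encrypt($plaintext, CIPHER, $key, OPENSSL_RAW_DATA, $iv);
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    return $iv . $ct; // the IV is not secret; store it with the ciphertext
}

// Constructed sample data.
$secret     = 'constructed sample secret';
$missingKey = '';                 // what the warning says was supplied
$iv         = random_bytes(16);

// Unchecked call: the empty key is silently padded with NUL bytes.
$ct = openssl_encrypt($secret, CIPHER, $missingKey, OPENSSL_RAW_DATA, $iv);

// Decrypt with 16 literal zero bytes, a key that requires no secret at all.
$pt = openssl_decrypt($ct, CIPHER, str_repeat("\0", KEY_SIZE), OPENSSL_RAW_DATA, $iv);
echo 'zero key decrypts it: ', var_export($pt === $secret, true), PHP_EOL;

// The checked wrapper fails closed on the same input.
try {
    encrypt_strict($secret, $missingKey);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}

// A real key comes from a CSPRNG and passes the check.
$key = random_bytes(KEY_SIZE);
echo 'strict output bytes: ', strlen(encrypt_strict($secret, $key)), PHP_EOL;
```

Moving from mcrypt to OpenSSL does not remove the problem on its own, so the length check has to sit in front of every encrypt and decrypt call.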
