No. In general, it is only safe to use libraries that have undergone extensive scrutiny from experts in this area. Not only does the implementation need to be correct, but it needs to take into account things like side-channel attacks (i.e. attacks that exploit failures in the implementation of the algorithm, not in its logic). This is something that "common" developers are not qualified to evaluate.
However, in this case you do not have to go that far: a look at the source code revealed that it operates in the ECB mode of operation:

```php
public function encrypt($text)
{
    $t = ""; // 16-byte block
    $y = ""; // Holds the encrypted output to return.
    $xsize = strlen($text);
    for ($i = 0; $i < $xsize; $i += 16) {
        for ($j = 0; $j < 16; $j++) {
            if (($i + $j) < $xsize) {
                $t[$j] = $text[$i + $j];
            } else {
                $t[$j] = chr(0); // zero-pad the final block
            }
        }
        // Each block is encrypted independently of the others (ECB).
        $y .= $this->encryptBlock($t);
    }
    return $y;
}
```
ECB is a "naive" implementation of cryptography, the way a person who has only studied the basics would implement it. And it is totally unsafe. The image below was encrypted using ECB; can you guess what it shows?
As for a secure alternative, unfortunately I know too little PHP to recommend something. The functions mcrypt_generic and mdecrypt_generic should be good enough, but I do not know how to use them correctly. This answer on SOen also gives some suggestions that at first glance seem good (but again, I do not know how to evaluate them). And if you have access to OpenSSL, maybe there is some AES encryption option that you can use (although the focus of this library is public key cryptography).
Whichever solution you choose, be sure to choose a safe mode of operation, preferably an authenticated one (CCM, GCM, EAX or OCB). AES is just a cryptographic primitive, not a complete protocol; you have to keep this in mind.
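An added example, not part of the original answer and not the library's code: it encrypts the same repeated plaintext with AES in ECB and in GCM through PHP's OpenSSL extension, showing that ECB maps equal plaintext blocks to equal ciphertext blocks while GCM hides them and rejects a modified message. It assumes PHP 7.1 or later with ext-openssl; the function names `distinctBlocks`, `gcmEncrypt` and `gcmDecrypt` are hypothetical.

```php
<?php
// Added example, not from the original answer; function names are hypothetical.

// Number of distinct 16-byte blocks in a ciphertext.
function distinctBlocks(string $ct): int
{
    return count(array_unique(str_split($ct, 16)));
}

// AES-256-GCM with a fresh random 12-byte nonce; returns nonce || tag || ciphertext.
function gcmEncrypt(string $plaintext, string $key): string
{
    $nonce = random_bytes(12);
    $tag = '';
    $ct = openssl_encrypt($plaintext, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $nonce, $tag);
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    return $nonce . $tag . $ct;
}

// Returns the plaintext, or throws if the message was modified or the key is wrong.
function gcmDecrypt(string $message, string $key): string
{
    if (strlen($message) < 28) {
        throw new RuntimeException('message too short');
    }
    $pt = openssl_decrypt(substr($message, 28), 'aes-256-gcm', $key,
        OPENSSL_RAW_DATA, substr($message, 0, 12), substr($message, 12, 16));
    if ($pt === false) {
        throw new RuntimeException('authentication failed');
    }
    return $pt;
}

$key = random_bytes(32);
$plaintext = str_repeat('0123456789abcdef', 4); // constructed: four identical blocks

$ecb = openssl_encrypt($plaintext, 'aes-256-ecb', $key, OPENSSL_RAW_DATA);
$gcm = gcmEncrypt($plaintext, $key);
printf("ECB distinct blocks: %d of %d\n", distinctBlocks($ecb), strlen($ecb) / 16);
printf("GCM distinct blocks: %d of 4\n", distinctBlocks(substr($gcm, 28)));

$gcm[strlen($gcm) - 1] = chr(ord($gcm[strlen($gcm) - 1]) ^ 1); // flip one ciphertext bit
try {
    gcmDecrypt($gcm, $key);
} catch (RuntimeException $e) {
    echo "tampered message rejected: ", $e->getMessage(), "\n";
}
```

The ECB output contains one extra block because OpenSSL applies PKCS#7 padding; the four data blocks are all identical to each other.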