0

Replace mcrypt with a current library

bill 3 months ago updated by antonio rao 2 months ago 5

Hi. While digging around to try and fulfill the mcrypt PHP module requirement for a new install of Teampass, I came across the following blog post from 2015 which explains why I am having so much trouble finding a compatible copy of mcrypt to install on my server.


https://blog.remirepo.net/post/2015/07/07/About-libmcrypt-and-php-mcrypt


Further digging led to the Wikipedia page for mcrypt where I found this quote...


"The last update to libmcrypt was in 2007,[1] despite years of unmerged patches.[2] These facts have led security experts to declare mcrypt abandonware and discourage its use in new development. Maintained alternatives include ccrypt, libressl, and others.[3]"


Based on this and other pages, it looks like the package managers for my Linux distro (RHEL /CentOS) have started removing the PHP mcrypt module from their repositories. While I find references to the modules from several years ago, the modules are gone now.

While I would like to keep using Teampass, I'm not sure I want to spend the time hunting down the missing module and beating my server over the head until it works.

Are there any plans for replacing mcrypt already in the works? Is this something that might happen soon? I have an old copy of Teampass 2.1.23 running for now but I would like to get it upgraded and move on to a new server before the old one goes EOL.


today i installed the latest version on ubuntu 20 lts without worrying about the module. are you sure it is still needed?

this is what i did: sudo apt-get install apache2 mariadb-server php php-cli libapache2-mod-php php-mysql php-curl php-mbstring php-bcmath php-common php-gd php-xml git

+1

I did not actually try installing it without mcrypt. I was working from the list of requirements on the github teampass page where it lists mcrypt as a required php extension. I will see if it works without mcrypt on my server...

i think that guide is not really updated. im not sure if teampass itself is still being developed

So I went back and finished the steps needed to get teampass installed. Once I got the selinux permissions sorted, it seems to run just fine. I guess you are right that mcrypt is no longer required and it's just the documentation that needs updating. As for current development, I see there is at least current activity, even if it doesn't look very active.

Thanks for your help.