encryption - 3DES PHP decrypts same result even if a char is added at the end
So I am using this class to encrypt or decrypt data:

class cryptdata
{
    private $hash;

    function __construct($hash)
    {
        // 16-byte MD5 digest plus its first 8 bytes gives the 24-byte 3DES key
        $key = md5($hash, true);
        $key .= substr($key, 0, 8);
        $this->hash = $key;
    }

    public function encrypt($data)
    {
        $encdata = openssl_encrypt($data, 'des-ede3', $this->hash, OPENSSL_RAW_DATA);
        return base64_encode($encdata);
    }

    public function decrypt($data)
    {
        // non-strict Base64 decoding
        $data = base64_decode($data);
        return openssl_decrypt($data, 'des-ede3', $this->hash, OPENSSL_RAW_DATA);
    }
}

And it works fine. For example, if I use:
hash = 12345
text = 1234567891234567
and encrypt, the result is
decdata = lq1zff+uiaas6gxega5x6bempoubhpca
Now if I try to decrypt the data to plain text, it gives me the correct result if I add a char at the end of decdata, like
decdata = lq1zff+uiaas6gxega5x6bempoubhpcaa
Surprisingly, it gives the correct plain text as well! I have noticed after a few more tests that when decdata has no '=' at the end, if I add a char it decrypts the text without error. For example, if I try
hash = 12345
text = 12345
then the result is
decdata = cqm/zbysrrs=
Now if I decrypt after adding a char at the end, I get an error.
So to sum it all up, when I try to encrypt text of length = 16 or more, there's no '=' in the decrypted data. I don't have a problem if I try to decrypt the decrypted data after adding a char at the end; it gives me the correct text back.
Why is this possible, and is there a security issue or problem with the data?

Base64 is used for encoding binary data as text. Each Base64 character represents 6 bits. Each 3 bytes (24 bits) of input gives 4 Base64 characters. In case the input length is not a multiple of 3, the last block of Base64 is padded with 1 or 2 '='.
Base64-encoded data needs to be in blocks of 4 Base64 characters to be valid Base64. It seems PHP's base64_decode(..) ignores the last invalid Base64 char. You can see this with the following code:
echo strlen(base64_decode("lq1zff+uiaas6gxega5x6bempoubhpca"));
echo "\n";
echo strlen(base64_decode("lq1zff+uiaas6gxega5x6bempoubhpcaa"));

giving:

24
24
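
An added example, not part of the original question or answer: decoding the token strictly so that a string with a stray trailing character is rejected instead of silently decrypting. The function names derive_key() and decode_token_strict() are hypothetical; the example also goes slightly beyond the answer by rejecting any token that is not the canonical Base64 encoding of whole 8-byte blocks.

```php
<?php
// Added example; derive_key() and decode_token_strict() are hypothetical names.

// Same key derivation as the class above: 16-byte MD5 digest plus its first 8 bytes.
function derive_key(string $secret): string
{
    $k = md5($secret, true);
    return $k . substr($k, 0, 8);
}

// Return the raw ciphertext only when $token is the canonical Base64 encoding
// of a whole number of 8-byte 3DES blocks; return null otherwise.
function decode_token_strict(string $token): ?string
{
    $raw = base64_decode($token, true);   // strict mode: false on characters outside the alphabet
    if ($raw === false || $raw === '') {
        return null;
    }
    if (base64_encode($raw) !== $token) { // leftover characters or bits do not survive re-encoding
        return null;
    }
    return strlen($raw) % 8 === 0 ? $raw : null;
}

$key      = derive_key('12345');
$token    = base64_encode(openssl_encrypt('1234567891234567', 'des-ede3', $key, OPENSSL_RAW_DATA));
$tampered = $token . 'A';                 // constructed input: one extra Base64 character

// Non-strict decoding, as in decrypt() above: both strings give the same 24 bytes.
var_dump(base64_decode($tampered) === base64_decode($token));

foreach ([$token, $tampered] as $t) {
    $raw   = decode_token_strict($t);
    $plain = $raw === null ? false : openssl_decrypt($raw, 'des-ede3', $key, OPENSSL_RAW_DATA);
    echo $t, ' => ', $plain === false ? 'rejected' : $plain, "\n";
}
```

This check removes only the encoding-level slack; 'des-ede3' is ECB mode and carries no integrity check on the ciphertext itself.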