# Warning: openssl_encrypt(): IV passed is 16 bytes long which is longer than the 8 bytes expected by selected cipher, truncating in /var/www/app/src/Crypto/Encryptor.php on line 23

- **ID:** `php/openssl-iv-length-mismatch`
- **Domain:** php
- **Category:** runtime_error
- **Verification:** ai_generated
- **Fix Rate:** 90%

## Root Cause

The initialization vector (IV) length provided to `openssl_encrypt` or `openssl_decrypt` does not match the block size required by the selected cipher method (e.g., AES-128-CBC expects 16 bytes, but DES expects 8 bytes).

## Version Compatibility

| Version | Status | Introduced | Deprecated |
|---------|--------|------------|------------|
| php 8.1 | active | — | — |
| php 8.2 | active | — | — |
| php 8.3 | active | — | — |
| OpenSSL 3.0 | active | — | — |

## Workarounds

1. **Use `openssl_cipher_iv_length($cipher)` to determine the correct IV length, then generate the IV accordingly: `$iv = openssl_random_pseudo_bytes(openssl_cipher_iv_length('aes-256-cbc'));`** (95% success)
   ```
   Use `openssl_cipher_iv_length($cipher)` to determine the correct IV length, then generate the IV accordingly: `$iv = openssl_random_pseudo_bytes(openssl_cipher_iv_length('aes-256-cbc'));`
   ```
2. **Explicitly set the cipher method to match the IV length, e.g., change from `'des'` to `'aes-128-cbc'` if the IV is 16 bytes.** (90% success)
   ```
   Explicitly set the cipher method to match the IV length, e.g., change from `'des'` to `'aes-128-cbc'` if the IV is 16 bytes.
   ```

## Dead Ends

- **Ignoring the warning and continuing execution** — Truncation of the IV can cause decryption failures or security vulnerabilities; the data may not be recoverable or may be improperly encrypted. (95% fail)
- **Using `openssl_random_pseudo_bytes` without specifying the correct length** — The function defaults to 16 bytes, which may be incorrect for ciphers like DES (8 bytes) or RC4 (no IV); the length must match the cipher's block size. (70% fail)