Mcrypt function: what mode to use

Hi,

We normally use “mcrypt” to encrypt small pieces of text. We have done this in the past using “ECB” mode.
At the moment we have a requirement to encrypt whole XML files which are about 5-7kb in size, and I’m unsure on what mode to use.

http://www.php.net/manual/en/mcrypt.constants.php
-The operations are explained here,

but I am confused on what is the recommendation for our XML files.
It seems that ECB, is better for short lines of data, but currently it is working fine for us even for our XML files.

Does anyone have any guideline on what I should use, and if that recommendation is CFB or CBC, then:

  • should the “iv” be the same for encryption as for decryption? I read this on the PHP manual. However at the moment we are generating the $iv according to the below code:

	//Open the cipher
	$td = mcrypt_module_open('rijndael-256', '', 'ecb', '');

	/* Create the IV and determine the keysize length
	   MCRYPT_RAND (system random number generator) - faster
	   MCRYPT_DEV_RANDOM (read data from /dev/random)
	   MCRYPT_DEV_URANDOM (read data from /dev/urandom). Prior to PHP 5.3.0, MCRYPT_RAND was the only one supported on Windows. 
	*/
	$iv = mcrypt_create_iv(mcrypt_enc_get_iv_size($td), MCRYPT_RAND);
	$ks = mcrypt_enc_get_key_size($td);

	//key
	$key = substr(md5($key), 0, $ks); //$key is my own key such as "123"
	
	
	//encrypt secret code
	mcrypt_generic_init($td, $key, $iv);
	$encrypted_data = mcrypt_generic($td, $code);
	mcrypt_generic_deinit($td);
	mcrypt_module_close($td);
		

Thanks,
Rishi