Strong cipher algorithms are cryptographic systems resistant to cryptanalysis, they are not vulnerable to well-known attacks like brute force attacks for example.
A general recommendation is to only use cipher algorithms intensively tested and promoted by the cryptographic community.
More specifically for block cipher, it's not recommended to use algorithm with a block size inferior than 128 bits.
<?php // mcrypt_encrypt is deprecated since PHP 7.1 $c1 = mcrypt_encrypt(MCRYPT_DES, $key, $plaintext, $mode); // Noncompliant: DES works with 56-bit keys allow attacks via exhaustive search $c2 = mcrypt_encrypt(MCRYPT_DES_COMPAT, $key, $plaintext, $mode); // Noncompliant: DES works with 56-bit keys allow attacks via exhaustive search $c3 = mcrypt_encrypt(MCRYPT_TRIPLEDES, $key, $plaintext, $mode) // Noncompliant: Triple DES is vulnerable to meet-in-the-middle attack $c4 = mcrypt_encrypt(MCRYPT_3DES, $key, $plaintext, $mode); // Noncompliant: Triple DES is vulnerable to meet-in-the-middle attack $c5 = mcrypt_encrypt(MCRYPT_BLOWFISH, $key, $plaintext, $mode); // Noncompliant: Blowfish use a 64-bit block size makes it vulnerable to birthday attacks $c6 = mcrypt_encrypt(MCRYPT_RC2, $key, $plaintext, $mode); // Noncompliant: RC2 is vulnerable to a related-key attack $c7 = mcrypt_encrypt(MCRYPT_RC4, $key, $plaintext, $mode); // Noncompliant: vulnerable to several attacks (see https://en.wikipedia.org/wiki/RC4#Security) $c8 = openssl_encrypt($plaintext, "bf-ecb", $key, $options=OPENSSL_RAW_DATA, $iv); // Noncompliant: Blowfish use a 64-bit block size makes it vulnerable to birthday attacks $c9 = openssl_encrypt($plaintext, "des-ede3", $key, $options=OPENSSL_RAW_DATA, $iv); // Noncompliant: Triple DES is vulnerable to meet-in-the-middle attack $c10 = openssl_encrypt($plaintext, "des-ofb", $key, $options=OPENSSL_RAW_DATA, $iv); // Noncompliant: DES works with 56-bit keys allow attacks via exhaustive search $c11 = openssl_encrypt($plaintext, "rc2-cbc", $key, $options=OPENSSL_RAW_DATA, $iv); // Noncompliant: RC2 is vulnerable to a related-key attack $c12 = openssl_encrypt($plaintext, "rc4", $key, $options=OPENSSL_RAW_DATA, $iv); // Noncompliant: vulnerable to several attacks (see https://en.wikipedia.org/wiki/RC4#Security)
<?php $c1= openssl_encrypt($plaintext, "aes-256-gcm", $key, $options=OPENSSL_RAW_DATA, $iv); // Compliant