diff --git a/ChangeLog b/ChangeLog
index 2032a7778..3acc82cd7 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -41,6 +41,7 @@ $HeadURL: https://phpmyadmin.svn.sourceforge.net/svnroot/phpmyadmin/trunk/phpMyA
 - bug #1848889 [export] export trigger should use DROP TRIGGER IF EXISTS
 - bug #1851833 [display] Sorting forgets an explicit LIMIT
 (fix for sorting on column headers)
+- bug #1764182 [cookies] Suhosin cookie encryption breaks phpMyAdmin
 
 2.11.3.0 (2007-12-08)
 - patch #1818389 to remove a notice (failed to flush buffer), thanks to
diff --git a/libraries/auth/cookie.auth.lib.php b/libraries/auth/cookie.auth.lib.php
index 932838580..14282e867 100644
--- a/libraries/auth/cookie.auth.lib.php
+++ b/libraries/auth/cookie.auth.lib.php
@@ -25,12 +25,11 @@ if (function_exists('mcrypt_encrypt') || PMA_dl('mcrypt')) {
 * further decryption. I don't think necessary to have one iv
 * per server so I don't put the server number in the cookie name.
 */
- if (!isset($_COOKIE['pma_mcrypt_iv'])) {
+ if (empty($_COOKIE['pma_mcrypt_iv'])
+ || false === ($iv = base64_decode($_COOKIE['pma_mcrypt_iv'], true))) {
 srand((double) microtime() * 1000000);
 $iv = mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_BLOWFISH, MCRYPT_MODE_CBC), MCRYPT_RAND);
 PMA_setCookie('pma_mcrypt_iv', base64_encode($iv));
- } else {
- $iv = base64_decode($_COOKIE['pma_mcrypt_iv']);
 }
 
 /**
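Review bot: The new guard in `cookie.auth.lib.php` accepts any `pma_mcrypt_iv` value that strict base64 decoding succeeds on, so a cookie whose decoded length is not the Blowfish/CBC IV size still ends up in `$iv`. An array-valued cookie also gets past `empty()` and is unlikely to come back from `base64_decode()` as exactly `false`. Because the cookie is client-controlled, the condition should also require a string of the expected size: add `|| !is_string($_COOKIE['pma_mcrypt_iv'])` after the `empty()` test and `|| strlen($iv) !== mcrypt_get_iv_size(MCRYPT_BLOWFISH, MCRYPT_MODE_CBC)` as the last alternative, so that a malformed IV is regenerated rather than handed to the mcrypt calls. The regeneration branch, unchanged by this commit, still seeds with `srand((double) microtime() * 1000000)` and uses `MCRYPT_RAND`, which is a predictable source; switching to `MCRYPT_DEV_URANDOM` where available would be a reasonable follow-up. The enclosing `if (function_exists('mcrypt_encrypt') || PMA_dl('mcrypt'))` block starts and ends outside the hunk.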