
  1. #1
    SitePoint Zealot
    Hi!

    For a future project, I will need to encrypt a string of characters (both letters and numbers). I need a high-security way to do this. What is a good encryption method to use that is already in PHP or can be easily added?

    Also, how would I encrypt a string and how would I decrypt a string?

    I think I'm looking for something like RC-5 or something like that.

    Thanks.

  2. #2
    Database Jedi MattR
    The MD5 function is a one-way hash to securely encrypt a string. It is NOT reversible which is where the security lies.

    Depending on your application you can very easily use this for password authentication and the like -- simply store the MD5'ed value of the password and compare it to the MD5 hash.

    If you need encryptable and decryptable strings look up the crypt function at php.net.

  3. #3
    SitePoint Zealot
    The application I'm developing will need to be able to decrypt an encrypted string it receives. I looked up the crypt function, but it says that "There is no decrypt function, since crypt() uses a one-way algorithm."

    I need to be able to receive a string and decrypt it with the key that I (earlier) encoded it with. Anyone know how to do that?

    Thanks.

  4. #4
    Database Jedi MattR
    Try mcrypt:
    http://www.php.net/manual/en/ref.mcrypt.php

    It looks like it has a mdecrypt( .. ); function.

  5. #5
    SitePoint Zealot
    Okay. I found this on the md5() page on php.net. Here's the code:
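    Code:
    <?php
    // XOR $txt with the 32-character hex MD5 of $encrypt_key, repeating the
    // hash as often as needed. Applying it twice with the same key restores
    // the input.
    function keyED($txt,$encrypt_key)
    {
        $encrypt_key = md5($encrypt_key);
        $ctr=0;
        $tmp = "";
        for ($i=0;$i<strlen($txt);$i++)
        {
            if ($ctr==strlen($encrypt_key)) $ctr=0;
            $tmp.= substr($txt,$i,1) ^ substr($encrypt_key,$ctr,1);
            $ctr++;
        }
        return $tmp;
    }

    // Mask $txt with a per-call pad (the MD5 of a random number), emit each
    // pad byte followed by the masked text byte, then run keyED() over the
    // result. The output is twice as long as the input.
    function encrypt($txt,$key)
    {
        // (int) cast added: srand() expects an integer seed
        srand((int)((double)microtime()*1000000));
        $encrypt_key = md5(rand(0,32000));
        $ctr=0;
        $tmp = "";
        for ($i=0;$i<strlen($txt);$i++)
        {
            if ($ctr==strlen($encrypt_key)) $ctr=0;
            $tmp.= substr($encrypt_key,$ctr,1) .
                (substr($txt,$i,1) ^ substr($encrypt_key,$ctr,1));
            $ctr++;
        }
        return keyED($tmp,$key);
    }

    // Reverse encrypt(): undo keyED(), then XOR each pad byte with the
    // masked byte that follows it.
    function decrypt($txt,$key)
    {
        $txt = keyED($txt,$key);
        $tmp = "";
        for ($i=0;$i<strlen($txt);$i++)
        {
            $md5 = substr($txt,$i,1);
            $i++;
            $tmp.= (substr($txt,$i,1) ^ $md5);
        }
        return $tmp;
    }

    $key1 = "one";
    $key2 = "two";
    $key3 = "three";
    $key4 = "four";
    $key5 = "five";

    $text = "test";

    // Encode: keyED(key1), encrypt(key2), keyED(key3), encrypt(key4), keyED(key5), base64.
    $enc = base64_encode(keyED(encrypt(keyED(encrypt(keyED($text,$key1),$key2),$key3),$key4),$key5));
    // Decode: $key4 and $key5 appear swapped relative to the encode order; the
    // result is the same because decrypt() begins with keyED() and XOR layers commute.
    $dec = keyED(decrypt(keyED(decrypt(keyED(base64_decode($enc),$key4),$key5),$key3),$key2),$key1);
    print "
    Original text :
    $text <br>
    Encrypted :
    <pre>$enc</pre><br>
    Decrypted :
    $dec";
    ?>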
    How safe and secure is that (I'll use longer keys, of course)?

    If I encode "SitePoint" into it, I get:
    O1FhPDdeMgoxDzJKMVNnCDBfYWE4WGBaawBgV2ABNFFqDDBF

    It also decrypts properly.

    Thanks.

  6. #6
    SitePoint Member
    Personally I'd go with the Mcrypt functions; you can do some pretty hefty encryption using them. And also the code would be a little cleaner.
    John Reyes
    HostRocket.com Support

  7. #7
    SitePoint Wizard Karl
    I'm willing to bet that the function above can be brute forced or cracked very easily.

    I would use Mcrypt and a suitable algorithm such as Blowfish if you want it to be secure and reversible.
    Karl Austin :: KDA Web Services Ltd.
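
Three structural properties of the code in post #5 that bear on the doubt raised in post #7, as an added example that is not part of the thread. keyED() and encrypt() restate the posted functions compactly; foldPairs() and the sample strings are hypothetical and constructed for illustration.

```php
<?php
function keyED($txt, $key) {
    $k = md5($key);                        // 32 hex characters, reused cyclically
    $out = "";
    for ($i = 0; $i < strlen($txt); $i++) {
        $out .= $txt[$i] ^ $k[$i % 32];
    }
    return $out;
}

function encrypt($txt, $key) {
    $pad = md5(rand(0, 32000));            // at most 32001 distinct pads
    $out = "";
    for ($i = 0; $i < strlen($txt); $i++) {
        $p = $pad[$i % 32];
        $out .= $p . ($txt[$i] ^ $p);      // pad byte travels next to the byte it masks
    }
    return keyED($out, $key);
}

// Hypothetical helper: XOR every pad byte with the masked byte that follows it.
function foldPairs($ct) {
    $out = "";
    for ($i = 0; $i + 1 < strlen($ct); $i += 2) {
        $out .= $ct[$i] ^ $ct[$i + 1];
    }
    return $out;
}

$msg   = "SitePoint forum test message";   // constructed sample input
$other = "another message, same length";   // constructed sample input

// 1. Two keyED() layers equal a single layer under the XOR of the two MD5
//    strings, so chaining keys does not lengthen the effective 32-byte pad.
$pad = md5("two") ^ md5("three");
$single = "";
for ($i = 0; $i < strlen($msg); $i++) {
    $single .= $msg[$i] ^ $pad[$i % 32];
}
var_dump(keyED(keyED($msg, "two"), "three") === $single);

// 2. With one key, the XOR of two keyED() outputs equals the XOR of the two
//    inputs: the key cancels out completely.
var_dump((keyED($msg, "k") ^ keyED($other, "k")) === ($msg ^ $other));

// 3. encrypt() output differs from run to run, but folding adjacent bytes
//    yields the same string every time: the random pad adds no secrecy.
var_dump(foldPairs(encrypt($msg, "k")) === foldPairs(encrypt($msg, "k")));
```

All three comparisons hold for any keys and inputs, which is why longer keys do not change the picture: md5() always reduces the key to the same 32-character pad alphabet.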

  8. #8
    SitePoint Zealot
    Can you give me some example code of Mcrypt with Blowfish?

    Thanks.

  9. #9
    SitePoint Columnist Skunk
    If you really need high-standard encryption that you can rely on, it may be worth using something like PGP (Pretty Good Privacy) or the GNU alternative. There is an excellent tutorial on using these packages with PHP here:

    http://hotwired.lycos.com/webmonkey/...tutorial1.html

  10. #10
    SitePoint Zealot
    Is there any kind of a GnuPGP class that I could just use in PHP? I don't think that I'll be able to install PGP or recompile PHP with the mcrypt lib functions on the server that this will be on.

    Any suggestions?

    Thanks a lot.
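
For the reversible string encryption asked about in posts #1 and #8 under the no-extra-install constraint of post #10, an added example that is not part of the thread. It swaps in the sodium extension, which has been bundled with PHP since 7.2 (the release that removed mcrypt from core), in place of mcrypt and Blowfish; sealString() and openString() are hypothetical helper names.

```php
<?php
// Encrypt and authenticate $plain; returns base64(nonce || ciphertext+tag).
function sealString(string $plain, string $key): string {
    $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);  // fresh per message
    $box = sodium_crypto_secretbox($plain, $nonce, $key);
    return base64_encode($nonce . $box);
}

// Returns the plaintext, or null if the token is malformed, was modified,
// or was sealed under a different key.
function openString(string $token, string $key): ?string {
    $raw = base64_decode($token, true);
    $min = SODIUM_CRYPTO_SECRETBOX_NONCEBYTES + SODIUM_CRYPTO_SECRETBOX_MACBYTES;
    if ($raw === false || strlen($raw) < $min) {
        return null;
    }
    $nonce = substr($raw, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $box   = substr($raw, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $plain = sodium_crypto_secretbox_open($box, $nonce, $key);
    return $plain === false ? null : $plain;
}

// 32 random bytes; generate once and keep it out of the web root and the code.
$key = sodium_crypto_secretbox_keygen();

$token = sealString("SitePoint", $key);    // constructed sample input
var_dump(openString($token, $key));        // round trip

// Flip one bit of the stored token: decryption is refused rather than
// returning altered text.
$raw = base64_decode($token);
$last = strlen($raw) - 1;
$raw[$last] = $raw[$last] ^ "\x01";
var_dump(openString(base64_encode($raw), $key));

// A different key is rejected the same way.
var_dump(openString($token, sodium_crypto_secretbox_keygen()));
```

The key here is random bytes rather than a passphrase; deriving it from a password would need a dedicated password-hashing function, which this example does not cover.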

