SitePoint Sponsor |
|
User Tag List
Results 1 to 8 of 8
Thread: Cryptography in PHP
-
Sep 1, 2001, 11:03 #1
- Join Date
- Aug 2000
- Location
- Houston, TX, USA
- Posts
- 6,455
- Mentioned
- 11 Post(s)
- Tagged
- 0 Thread(s)
Cryptography in PHP
I was wondering if anyone had any algorithms that they use to encode things? I would like to see some because I am trying to design a cryptographic system for PHP that uses 3 dimensions (in other words a third variable, z). I don't know how much more secure this would be and I would like any input anyone has to offer.
Thanks,ssegraves [at] gmail.com
On Image Use, Abuse, and Where We're Headed
stephan | XMLHttpRequest Basics
flickr | last.fm | Cogentas, LLC
-
Sep 1, 2001, 11:07 #2
Why can't you just use md5?
SeanHarry Potter
-- You lived inside my world so softly
-- Protected only by the kindness of your nature
-
Sep 1, 2001, 11:14 #3
- Join Date
- Aug 2000
- Location
- Houston, TX, USA
- Posts
- 6,455
- Mentioned
- 11 Post(s)
- Tagged
- 0 Thread(s)
Because md5() is not true cryptography..... It is a one way function that writes a 32 bit long output. The only way to compare strings is to md5() both of them and see if they match.... I would rather decrypt the one string and see if they match. Just personal preference I guess.
ssegraves [at] gmail.com
On Image Use, Abuse, and Where We're Headed
stephan | XMLHttpRequest Basics
flickr | last.fm | Cogentas, LLC
-
Sep 1, 2001, 23:50 #4
- Join Date
- Oct 2000
- Location
- Austin, TX
- Posts
- 1,438
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
Ah but decryption is itself a security risk: it's much much more secure to use a one-way encryption algorithm.
ck :: bringing chris to the masses.
-
Sep 6, 2001, 03:38 #5
- Join Date
- Jun 2001
- Location
- Newcastle, England
- Posts
- 268
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
But some applications need to use a two-way cipher system; one-way hashes are fine if you are comparing two things, but a bit useless if you ever need to recover what you hashed.
Storing passwords is an example - storing an unencrypted password is a security risk, so ideally you'd want to store an encrypted version. But if you store a hash of the password, you can never recover it; if the user forgets their password they have to have a new one set, as the old one is forever lost. A two-way cipher would resolve that problem. And of course if you need to send a message which has to be recovered and read, you need a two-way system.
If however you are simply comparing two things, then there's no real reason not to use one-way hashes like md5.
I don't know a great deal about cryptography, only what I learned at university (very little), but writing a full-on, robust cryptosystem isn't exactly easy unless you completely understand the maths involved. I'd suggest checking out some security and cryptography sites first; if no-one has written what you need already, I imagine you can probably find a lot of good infrormation to help you. I'm afraid I haven't got any decent bookmarks any more to help out - sorry
.
-
Sep 6, 2001, 06:50 #6
- Join Date
- Sep 2001
- Location
- Lausanne, Switzerland
- Posts
- 27
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
The Blowfish algorithm is being implemented in PHP. Search through deja.com's news to learn more (there is no public version yet though, I think).
-
Sep 6, 2001, 21:46 #7
- Join Date
- Aug 2000
- Location
- Houston, TX, USA
- Posts
- 6,455
- Mentioned
- 11 Post(s)
- Tagged
- 0 Thread(s)
I want a cryptographical system that is comparable to the Blowfish system or even attempt PGP.
I have a fairly good grasp on advanced mathematics (Trig, Calculus, and Algebra). So now all I need is ideas.
In the coming weeks I will probably have some examples to show of the system (as I will make the system publicly available).ssegraves [at] gmail.com
On Image Use, Abuse, and Where We're Headed
stephan | XMLHttpRequest Basics
flickr | last.fm | Cogentas, LLC
-
Sep 6, 2001, 23:01 #8
- Join Date
- Apr 2000
- Location
- Melbourne
- Posts
- 832
- Mentioned
- 4 Post(s)
- Tagged
- 0 Thread(s)
Sounds pretty interesting Hartmann. I'll look forward to checking it out when you have something working.
I recently read a book on cryptographic history (The Code Book) that went from Caesars Ciphers all the way through to PGP and DES.
I got the idea that the DES maths was pretty much out there, even though the US government makes sites carry messages saying you shouldn't download this stuff if you're a terrorists or something.
Try this guy . Haven't tried the maths but there's heaps of stuff on his site.
This is heavy too but try this
Bookmarks