Cryptography in PHP

**Hartmann** · Sep 1, 2001, 10:03

I was wondering if anyone had any algorithms that they use to encode things? I would like to see some because I am trying to design a cryptographic system for PHP that uses 3 dimensions (in other words a third variable, z). I don't know how much more secure this would be and I would like any input anyone has to offer.

Thanks,

**seanf** · Sep 1, 2001, 10:07

Why can't you just use md5?

Sean

**Hartmann** · Sep 1, 2001, 10:14

Because md5() is not true cryptography..... It is a one way function that writes a 32 bit long output. The only way to compare strings is to md5() both of them and see if they match.... I would rather decrypt the one string and see if they match. Just personal preference I guess.

**Anarchos** · Sep 1, 2001, 22:50

Ah but decryption is itself a security risk: it's much much more secure to use a one-way encryption algorithm.

**CrazyCrane** · Sep 6, 2001, 02:38

But some applications need to use a two-way cipher system; one-way hashes are fine if you are comparing two things, but a bit useless if you ever need to recover what you hashed.

Storing passwords is an example - storing an unencrypted password is a security risk, so ideally you'd want to store an encrypted version. But if you store a hash of the password, you can never recover it; if the user forgets their password they have to have a new one set, as the old one is forever lost. A two-way cipher would resolve that problem. And of course if you need to send a message which has to be recovered and read, you need a two-way system.

If however you are simply comparing two things, then there's no real reason not to use one-way hashes like md5.

I don't know a great deal about cryptography, only what I learned at university (very little

), but writing a full-on, robust cryptosystem isn't exactly easy unless you completely understand the maths involved. I'd suggest checking out some security and cryptography sites first; if no-one has written what you need already, I imagine you can probably find a lot of good infrormation to help you. I'm afraid I haven't got any decent bookmarks any more to help out - sorry

.

**smashway** · Sep 6, 2001, 05:50

The Blowfish algorithm is being implemented in PHP. Search through deja.com's news to learn more (there is no public version yet though, I think).

**Hartmann** · Sep 6, 2001, 20:46

I want a cryptographical system that is comparable to the Blowfish system or even attempt PGP.

I have a fairly good grasp on advanced mathematics (Trig, Calculus, and Algebra). So now all I need is ideas.

In the coming weeks I will probably have some examples to show of the system (as I will make the system publicly available).

**AlexW** · Sep 6, 2001, 22:01

Sounds pretty interesting Hartmann. I'll look forward to checking it out when you have something working.

I recently read a book on cryptographic history (The Code Book) that went from Caesars Ciphers all the way through to PGP and DES.

I got the idea that the DES maths was pretty much out there, even though the US government makes sites carry messages saying you shouldn't download this stuff if you're a terrorists or something.

Try this guy . Haven't tried the maths but there's heaps of stuff on his site.

This is heavy too but try this

The SitePoint Forums have moved.

User Tag List

Thread: Cryptography in PHP

Thread Tools

Display

Cryptography in PHP

Bookmarks

Bookmarks

Posting Permissions