Cryptography in PHP

[Hartmann]

I was wondering if anyone had any algorithms that they use to encode things? I would like to see some because I am trying to design a cryptographic system for PHP that uses 3 dimensions (in other words a third variable, z). I don't know how much more secure this would be and I would like any input anyone has to offer.

Thanks,

[seanf]

Why can't you just use md5?

Sean

[Hartmann]

Because md5() is not true cryptography..... It is a one way function that writes a 32 bit long output. The only way to compare strings is to md5() both of them and see if they match.... I would rather decrypt the one string and see if they match. Just personal preference I guess.

[Anarchos]

Ah but decryption is itself a security risk: it's much much more secure to use a one-way encryption algorithm.

[CrazyCrane]

But some applications need to use a two-way cipher system; one-way hashes are fine if you are comparing two things, but a bit useless if you ever need to recover what you hashed.

Storing passwords is an example - storing an unencrypted password is a security risk, so ideally you'd want to store an encrypted version. But if you store a hash of the password, you can never recover it; if the user forgets their password they have to have a new one set, as the old one is forever lost. A two-way cipher would resolve that problem. And of course if you need to send a message which has to be recovered and read, you need a two-way system.

If however you are simply comparing two things, then there's no real reason not to use one-way hashes like md5.

I don't know a great deal about cryptography, only what I learned at university (very little ), but writing a full-on, robust cryptosystem isn't exactly easy unless you completely understand the maths involved. I'd suggest checking out some security and cryptography sites first; if no-one has written what you need already, I imagine you can probably find a lot of good infrormation to help you. I'm afraid I haven't got any decent bookmarks any more to help out - sorry .

[smashway]

The Blowfish algorithm is being implemented in PHP. Search through deja.com's news to learn more (there is no public version yet though, I think).

[Hartmann]

I want a cryptographical system that is comparable to the Blowfish system or even attempt PGP.

I have a fairly good grasp on advanced mathematics (Trig, Calculus, and Algebra). So now all I need is ideas.

In the coming weeks I will probably have some examples to show of the system (as I will make the system publicly available).

[AlexW]

Sounds pretty interesting Hartmann. I'll look forward to checking it out when you have something working.

I recently read a book on cryptographic history (The Code Book) that went from Caesars Ciphers all the way through to PGP and DES.

I got the idea that the DES maths was pretty much out there, even though the US government makes sites carry messages saying you shouldn't download this stuff if you're a terrorists or something.

Try this guy . Haven't tried the maths but there's heaps of stuff on his site.

This is heavy too but try this