SitePoint Sponsor

User Tag List

Results 1 to 8 of 8
  1. #1
    chown linux:users\ /world Hartmann's Avatar
    Join Date
    Aug 2000
    Location
    Houston, TX, USA
    Posts
    6,455
    Mentioned
    11 Post(s)
    Tagged
    0 Thread(s)

    Cryptography in PHP

    I was wondering if anyone had any algorithms that they use to encode things? I would like to see some because I am trying to design a cryptographic system for PHP that uses 3 dimensions (in other words a third variable, z). I don't know how much more secure this would be and I would like any input anyone has to offer.

    Thanks,

  2. #2
    Mlle. Ledoyen silver trophy seanf's Avatar
    Join Date
    Jan 2001
    Location
    UK
    Posts
    7,168
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Why can't you just use md5?

    Sean
    Harry Potter

    -- You lived inside my world so softly
    -- Protected only by the kindness of your nature

  3. #3
    chown linux:users\ /world Hartmann's Avatar
    Join Date
    Aug 2000
    Location
    Houston, TX, USA
    Posts
    6,455
    Mentioned
    11 Post(s)
    Tagged
    0 Thread(s)
    Because md5() is not true cryptography..... It is a one way function that writes a 32 bit long output. The only way to compare strings is to md5() both of them and see if they match.... I would rather decrypt the one string and see if they match. Just personal preference I guess.

  4. #4
    You talkin to me? Anarchos's Avatar
    Join Date
    Oct 2000
    Location
    Austin, TX
    Posts
    1,438
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Ah but decryption is itself a security risk: it's much much more secure to use a one-way encryption algorithm.
    ck :: bringing chris to the masses.

  5. #5
    SitePoint Addict
    Join Date
    Jun 2001
    Location
    Newcastle, England
    Posts
    268
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    But some applications need to use a two-way cipher system; one-way hashes are fine if you are comparing two things, but a bit useless if you ever need to recover what you hashed.

    Storing passwords is an example - storing an unencrypted password is a security risk, so ideally you'd want to store an encrypted version. But if you store a hash of the password, you can never recover it; if the user forgets their password they have to have a new one set, as the old one is forever lost. A two-way cipher would resolve that problem. And of course if you need to send a message which has to be recovered and read, you need a two-way system.

    If however you are simply comparing two things, then there's no real reason not to use one-way hashes like md5.

    I don't know a great deal about cryptography, only what I learned at university (very little ), but writing a full-on, robust cryptosystem isn't exactly easy unless you completely understand the maths involved. I'd suggest checking out some security and cryptography sites first; if no-one has written what you need already, I imagine you can probably find a lot of good infrormation to help you. I'm afraid I haven't got any decent bookmarks any more to help out - sorry .

  6. #6
    SitePoint Enthusiast smashway's Avatar
    Join Date
    Sep 2001
    Location
    Lausanne, Switzerland
    Posts
    27
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    The Blowfish algorithm is being implemented in PHP. Search through deja.com's news to learn more (there is no public version yet though, I think).
    Smash

    Check this thread and help me: click here!

  7. #7
    chown linux:users\ /world Hartmann's Avatar
    Join Date
    Aug 2000
    Location
    Houston, TX, USA
    Posts
    6,455
    Mentioned
    11 Post(s)
    Tagged
    0 Thread(s)
    I want a cryptographical system that is comparable to the Blowfish system or even attempt PGP.

    I have a fairly good grasp on advanced mathematics (Trig, Calculus, and Algebra). So now all I need is ideas.

    In the coming weeks I will probably have some examples to show of the system (as I will make the system publicly available).

  8. #8
    Team SitePoint AlexW's Avatar
    Join Date
    Apr 2000
    Location
    Melbourne
    Posts
    832
    Mentioned
    4 Post(s)
    Tagged
    0 Thread(s)
    Sounds pretty interesting Hartmann. I'll look forward to checking it out when you have something working.

    I recently read a book on cryptographic history (The Code Book) that went from Caesars Ciphers all the way through to PGP and DES.

    I got the idea that the DES maths was pretty much out there, even though the US government makes sites carry messages saying you shouldn't download this stuff if you're a terrorists or something.

    Try this guy . Haven't tried the maths but there's heaps of stuff on his site.

    This is heavy too but try this
    Alex Walker
    SitePoint Developer
    SitePoint - Learnable


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •