SitePoint Sponsor

User Tag List

Results 1 to 14 of 14
  1. #1
    SitePoint Addict
    Join Date
    Feb 2004
    Location
    Rome
    Posts
    296
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    2 way encryption

    hello

    does exist a php command to execute a 2 ways encryption (encryption/decryption) without usinf mcrypt ?

    Thank you

  2. #2
    Theoretical Physics Student bronze trophy Jake Arkinstall's Avatar
    Join Date
    May 2006
    Location
    Lancaster University, UK
    Posts
    7,062
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    I found this in my "Handy functions" folder - I recommend keeping it
    PHP Code:
    FUNCTION ENCRYPT_DECRYPT($TheString) { 
        
    $Len_$TheString=STRLEN($TheString); 
        
    $Str_Encrypted_Message=""
        FOR (
    $Position 0;$Position<$Len_$TheString;$Position++){ 
            
    $str_encrypted_message .= chr((ord(substr($TheString$position1))) ^ ((255+(($len_$TheString+$position)+1)) &#37; 255)); 
        

        RETURN 
    $Str_Encrypted_Message

    Jake Arkinstall
    "Sometimes you don't need to reinvent the wheel;
    Sometimes its enough to make that wheel more rounded"-Molona

  3. #3
    ¬.¬ shoooo... silver trophy logic_earth's Avatar
    Join Date
    Oct 2005
    Location
    CA
    Posts
    9,013
    Mentioned
    8 Post(s)
    Tagged
    0 Thread(s)
    For real strong encryption
    http://php.net/mcrypt
    Logic without the fatal effects.
    All code snippets are licensed under WTFPL.


  4. #4
    SitePoint Wizard TheRedDevil's Avatar
    Join Date
    Sep 2004
    Location
    Norway
    Posts
    1,196
    Mentioned
    4 Post(s)
    Tagged
    0 Thread(s)
    arkinstall:
    If I am not mistaken that function implent the Caesar cipher. If you are using this function to secure data I would recommend that you change it as it does not really offer any protection at all.
    http://en.wikipedia.org/wiki/Caesar_cipher

    As logic_earth mentions, mcrypt is a good direction to go.

  5. #5
    SitePoint Wizard Hammer65's Avatar
    Join Date
    Nov 2004
    Location
    Lincoln Nebraska
    Posts
    1,161
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I would recommend either mcrypt or PEAR::crypt_blowfish.

  6. #6
    Worship the Krome kromey's Avatar
    Join Date
    Sep 2006
    Location
    Fairbanks, AK
    Posts
    1,621
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    At the absolute worst your should be using a Vigenère cipher, but yes as has been stated mcrypt or a PEAR library would be the best route.
    PHP questions? RTFM
    MySQL questions? RTFM

  7. #7
    Grumpy Minimalist
    Join Date
    Jul 2006
    Location
    Ontario, Canada
    Posts
    424
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Without mcrypt, your options are very limited. Why is it that you cannot use mcrypt? If your PHP installation is too old to support it, it is definitely time to upgrade. If you're on a shared server which does not have mcrypt compiled, there's not much you can do beside asking them.

    If you have access to no native extensions, you'll have to settle for a pure-PHP implementation, which is likely to be extremely slow, or insecure due to entropy problems. One such implementation of a symmetric cipher (two way encryption) is here.

    If you want to learn more about encryption in general, and have a day or two to spare, check out the Security Now! podcast, episodes 30 to 37: Cryptographic Issues, Symmetric Stream Ciphers, Symmetric Block Ciphers (the ones that you want), Public Key Cryptography, Cryptographic Hashes, and the Crypto Series Wrap-up.

  8. #8
    SitePoint Member
    Join Date
    Mar 2007
    Location
    Adelaide
    Posts
    17
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    If you have openSSL (most UNIX servers do) you can use the openssl_private/public_encrypt/decrypt functions in PHP.

  9. #9
    ✯✯✯ silver trophybronze trophy php_daemon's Avatar
    Join Date
    Mar 2006
    Posts
    5,284
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    Look through phpclasses.org, you might find something.
    Saul

  10. #10
    SitePoint Addict
    Join Date
    Feb 2004
    Location
    Rome
    Posts
    296
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    PHP Code:
    /* 
    Description : A function with a very simple but powerful xor method to encrypt 
                  and/or decrypt a string with an unknown key. Implicitly the key is 
                  defined by the string itself in a character by character way. 
                  There are 4 items to compose the unknown key for the character 
                  in the algorithm 
                  1.- The ascii code of every character of the string itself 
                  2.- The position in the string of the character to encrypt 
                  3.- The length of the string that include the character 
                  4.- Any special formula added by the programmer to the algorithm 
                      to calculate the key to use 
    */ 
    FUNCTION ENCRYPT_DECRYPT($Str_Message) { 
    //Function : encrypt/decrypt a string message v.1.0  without a known key 
    //Author   : Aitor Solozabal Merino (spain) 
    //Email    : aitor-3@euskalnet.net 
    //Date     : 01-04-2005 
        
    $Len_Str_Message=STRLEN($Str_Message); 
        
    $Str_Encrypted_Message=""
        FOR (
    $Position 0;$Position<$Len_Str_Message;$Position++){ 
            
    // long code of the function to explain the algoritm 
            //this function can be tailored by the programmer modifyng the formula 
            //to calculate the key to use for every character in the string. 
            
    $Key_To_Use = (($Len_Str_Message+$Position)+1); // (+5 or *3 or ^2) 
            //after that we need a module division because can´t be greater than 255 
            
    $Key_To_Use = (255+$Key_To_Use) &#37; 255; 
            
    $Byte_To_Be_Encrypted SUBSTR($Str_Message$Position1); 
            
    $Ascii_Num_Byte_To_Encrypt ORD($Byte_To_Be_Encrypted); 
            
    $Xored_Byte $Ascii_Num_Byte_To_Encrypt $Key_To_Use;  //xor operation 
            
    $Encrypted_Byte CHR($Xored_Byte); 
            
    $Str_Encrypted_Message .= $Encrypted_Byte
            
            
    //short code of  the function once explained 
            //$str_encrypted_message .= chr((ord(substr($str_message, $position, 1))) ^ ((255+(($len_str_message+$position)+1)) % 255)); 
        

        RETURN 
    $Str_Encrypted_Message
    //end function 

    $Str_Test="This function is free software; you can redistribute it and/or 
    modify it under the terms of the GNU General Public License 
    as published by the Free Software Foundation in any version 
    of the License."
    ."<br>"."This program is distributed in the hope that it will be useful, 
    but WITHOUT ANY WARRANTY; without even the implied warranty of 
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
    ."<br>"."Hello Aitor, Wellcome Home"."<br>"
    ECHO 
    $Str_Test."<br>"
    $Str_Test2 ENCRYPT_DECRYPT($Str_Test); 
    ECHO 
    $Str_Test2."<br><br>"
    $Str_Test3 ENCRYPT_DECRYPT($Str_Test2); 
    ECHO 
    "<br>".$Str_Test3."<br>"
    Thank you and thank you all !

  11. #11
    Worship the Krome kromey's Avatar
    Join Date
    Sep 2006
    Location
    Fairbanks, AK
    Posts
    1,621
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Wow. Clever, but one of the most insecure encryption algorithms I've ever seen. This would be cracked with a single known-plaintext attack (i.e. attacker creates his own plaintext message, runs it through your algorithm, and compares it to the generated ciphertext) in under 20 minutes. Most algorithms considered to be "broken" (i.e. insecure) that are vulnerable to known-plaintext attacks require on the order of hundreds of known-plaintexts - yours requires one.

    If all you're trying to do is keep your li'l sis from reading your private diary, this algorithm would be sufficient; if, on the other hand, you're trying to protect valuable data (e.g. bank account numbers, credit card numbers, passwords, whatever), then this is nowhere near sufficient. If the former is the case (i.e. if secure encryption is not required), you'd be better served by the nigh-useless Caesar cipher that arkinstall provided above or the better (but still highly insecure) Vigen&#232;re cipher I mentioned.
    PHP questions? RTFM
    MySQL questions? RTFM

  12. #12
    SitePoint Wizard silver trophy kyberfabrikken's Avatar
    Join Date
    Jun 2004
    Location
    Copenhagen, Denmark
    Posts
    6,157
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

  13. #13
    Obey the Purebreed trib4lmaniac's Avatar
    Join Date
    Dec 2004
    Location
    Cornwall, UK
    Posts
    594
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by kyberfabrikken View Post
    You beat me to it

  14. #14
    SitePoint Wizard Hammer65's Avatar
    Join Date
    Nov 2004
    Location
    Lincoln Nebraska
    Posts
    1,161
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    The ROT13 encoding simply shifts every letter by 13 places in the alphabet while leaving non-alpha characters untouched. Encoding and decoding are done by the same function, passing an encoded string as argument will return the original version.
    Wow that's tough to crack! Encoding is not encrypting.


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •