Posted by "Richard Lynch" on 10/22/05 04:45
So, for fun, (well, *MY* idea of fun) I implemented a dirt-simple
CAPTCHA.

The image is totally OCR-able, but anybody who wants to work that hard at
it can have at it. That's modular enough to (really) fix later
anyway.

After lots of encryption/decryption with urlencoding, htmlentities,
and base64_encoding, to keep all the data kosher over HTTP et al...

I end up with a string with a bunch of NUL characters (ord($char) ==
0) tacked on the end, but otherwise correctly decoded.

I'm not really sure if it's base64 or the encryption itself that pads
the string, and don't really care, to tell you the truth...

Anyway, my question is, what is the morally correct function to use to
remove these null characters from the end of my string?

I'm guessing 'rtrim' would work, but is a NUL char really whitespace?

I suppose I could do str_replace(), but if things go bad some day, I
don't want to confuse myself by removing NUL characters in the middle
of the messed up string.

A second related question:

Given that the string to be encrypted is a single word and thus very
short, the PHP manual makes it quite clear that encrypt_mode of ECB is
the right choice. YAY!

What is not readily apparent, and what I can't figure out from my
research is if any of the algorithms available is better suited to
this usage.

To be clear: I'm mcrypt_encrypt()ing the secret word into the URL and
a hidden form element, along with the IV, ditto, and so both are
available to the potential malicious user. So if exposure of IV is
an issue in any suggested answer, keep that in mind.

The following options are available in my webhost's install:

cast-128
gost
rijndael-128
twofish
arcfour
cast-256
loki97
rijndael-192
saferplus
wake
blowfish-compat
des
rijndael-256
serpent
xtea
blowfish
enigma
rc2
tripledes

We can safely eliminate any hypothetical "best" which is not in that
list.

--
Like Music?
http://l-i-e.com/artists.htm
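
An added example, not part of the original post: mcrypt_encrypt() pads the plaintext with NUL bytes up to the cipher's block size, which is where the trailing NULs described above come from. The sketch below reproduces that padding with ext/openssl in the post's rijndael-128/ECB setup (the use of openssl, the helper names, the sample word and the demo key are all assumptions) and compares rtrim() with str_replace() for removing it.

```php
<?php
// Added example: reproduces mcrypt's NUL padding with ext/openssl (assumed available).
const BLOCK = 16; // rijndael-128 (AES) block size in bytes

// Pad with NUL bytes up to the next block boundary, as mcrypt_encrypt() does.
function zero_pad(string $s): string
{
    $rem = strlen($s) % BLOCK;
    return $rem === 0 ? $s : $s . str_repeat("\0", BLOCK - $rem);
}

// Hypothetical helper: encrypt one short word, base64 for transport.
function encrypt_word(string $word, string $key): string
{
    $raw = openssl_encrypt(zero_pad($word), 'aes-128-ecb', $key,
        OPENSSL_RAW_DATA | OPENSSL_ZERO_PADDING);
    if ($raw === false) {
        throw new RuntimeException('encryption failed');
    }
    return base64_encode($raw);
}

// Hypothetical helper: returns the plaintext with its NUL padding still attached.
function decrypt_padded(string $token, string $key): string
{
    $raw = base64_decode($token, true);
    if ($raw === false || $raw === '' || strlen($raw) % BLOCK !== 0) {
        throw new InvalidArgumentException('malformed token');
    }
    $plain = openssl_decrypt($raw, 'aes-128-ecb', $key,
        OPENSSL_RAW_DATA | OPENSSL_ZERO_PADDING);
    if ($plain === false) {
        throw new RuntimeException('decryption failed');
    }
    return $plain;
}

$key    = str_repeat('k', 16); // constructed demo key, not a real secret
$padded = decrypt_padded(encrypt_word('kitten', $key), $key);

// An explicit "\0" list strips only the padding; the default list would also strip trailing whitespace.
var_dump(strlen($padded), rtrim($padded, "\0"));

// Constructed corrupted plaintext with a NUL in the middle.
$damaged = "kit\0ten" . str_repeat("\0", 9);
var_dump(strlen(rtrim($damaged, "\0")));           // inner NUL survives, so the damage stays visible
var_dump(strlen(str_replace("\0", '', $damaged))); // inner NUL removed, damage hidden
```

Zero padding cannot tell padding apart from a plaintext that really ends in NUL bytes, which is harmless for a single printable word.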