|
|
Posted by Jochem Maas on 10/04/48 11:05
Greg Donald wrote:
> On Wed, 12 Jan 2005 10:13:08 -0000, Shaun <shaunthornburgh@hotmail.com> wrote:
>
>>I have site that allows users to upload private information to our server.
>>We would like to encrypt the data for security reasons and only allow
>>certain users to be able to un-encrypt the data and view it. I have looked
>>at the PHP encryption functions and they appear to be one way algorithms - I
>>am guessing this is the whole point of encrption ;)
>>
>>Does anyone have any suggestions regarding this?
>
I'm no expert on crypto (and never will be either! designing good crypto
is something best left to the very very very very best in terms of
computer science) but I think that the following function represents
very weak crypto - which may very suffice, but one thing that could make
the whole lots fall apart is the fact that the key is kept in the
function itself - imagine the server has auto source-highlighting for
php files (when you add an 's' to a filename), if so anyone can readout
your key!
that was not meant as a 'dis', I just wanted to point out that crypto is
very hard to get right.
oh and Greg, you may just have told the world the key that you are
actually using!
>
> function encrypt( $string )
> {
> $key = '&g1@8477Fg9*';
>
> $result = '';
>
> for( $i = 1; $i <= strlen( $string ); $i++ )
> {
> $char = substr( $string, $i - 1, 1 );
>
> $keychar = substr( $key, ( $i % strlen( $key ) ) - 1, 1 );
>
> $char = chr( ord( $char ) + ord( $keychar ) );
>
> $result .= $char;
> }
>
> return $result;
> }
>
> function decrypt( $string )
> {
> $key = '&g1@8477Fg9*';
>
> $result = '';
>
> for( $i = 1; $i <= strlen( $string ); $i++ )
> {
> $char = substr( $string, $i - 1, 1 );
>
> $keychar = substr( $key, ( $i % strlen( $key ) ) - 1, 1 );
>
> $char = chr( ord( $char ) - ord( $keychar ) );
>
> $result .= $char;
> }
>
> return $result;
> }
>
>
Navigation:
[Reply to this message]
|