Simple Encryption / Decryption
Moderator: General Moderators
Simple Encryption / Decryption
Hi,
How can we perform a simple two ways encryption? MD5 and crypt is out since it's one way and mcrypt is out as well where i dont have root access to the server.
I dont really need superb security for those data, but just some sort of encryption to make it not human-readable, that's all.
Thanks for any help in advance.
How can we perform a simple two ways encryption? MD5 and crypt is out since it's one way and mcrypt is out as well where i dont have root access to the server.
I dont really need superb security for those data, but just some sort of encryption to make it not human-readable, that's all.
Thanks for any help in advance.
I was testing it just putting the values in hard coded,
and I think that it offers the basic security that I need.... it's good for face saving at least...
I just wanted to ask if this looks right for appyling it to the insert page
so that it encodes the password that user entered:
<br>
I have it placed inside the .str_replace because I want to include the ' if it gets used.
and I think that it offers the basic security that I need.... it's good for face saving at least...
I just wanted to ask if this looks right for appyling it to the insert page
so that it encodes the password that user entered:
Code: Select all
$sql = "INSERT INTO * (Password) VALUES ('"base64_encode(.$_POST["password"].)"')";Code: Select all
Password ='".str_replace("'","'",base64_encode($_POST["password"]);i'd always use one-way encryption, but if it needs to be 2-ways, i've found that sometime on the web
Code: Select all
<?php
/**********************************************
**
** MD5 block cypher
**
** Author..: leapinglangoor [ leapinglangoor@yahoo.co.in ]
** Date....: 30th Apr 2005
** version.: v1.00
**
** Desc....: Below is MD5-based block cypher ( MDC-like ),
** which works in 128bit CFB mode. It is very useful to
** encrypt secret data before transfer it over the network.
**
** $iv_len - initialization vector's length.
** 0 <= $iv_len <= 512
**
************************************************/
function get_rnd_iv( $iv_len )
{
$iv = '';
while ( $iv_len-- > 0 )
{
$iv .= chr( mt_rand( ) & 0xff );
}
return $iv;
}
function md5_encrypt( $plain_text, $password, $iv_len = 16 )
{
$plain_text .= "\x13";
$n = strlen( $plain_text );
if ( $n % 16 )
{
$plain_text .= str_repeat( "\0", 16 - ( $n % 16 ) );
}
$i = 0;
$enc_text = get_rnd_iv( $iv_len );
$iv = substr( $password ^ $enc_text, 0, 512 );
while ( $i < $n )
{
$block = substr( $plain_text, $i, 16 ) ^ pack( 'H*', md5( $iv ) );
$enc_text .= $block;
$iv = substr( $block . $iv, 0, 512 ) ^ $password;
$i += 16;
}
return base64_encode( $enc_text );
}
function md5_decrypt( $enc_text, $password, $iv_len = 16 )
{
$enc_text = base64_decode( $enc_text );
$n = strlen( $enc_text );
$i = $iv_len;
$plain_text = '';
$iv = substr( $password ^ substr( $enc_text, 0, $iv_len ), 0, 512 );
while ( $i < $n )
{
$block = substr( $enc_text, $i, 16 );
$plain_text .= $block ^ pack( 'H*', md5( $iv ) );
$iv = substr( $block . $iv, 0, 512 ) ^ $password;
$i += 16;
}
return preg_replace( '/\\x13\\x00*$/', '', $plain_text );
}
?>
example.php:
<?php
include( 'md5.php' );
$plain_text = 'very secret string';
$password = 'very secret password';
echo "plain text is: [${plain_text}]<br />\n";
echo "password is: [${password}]<br />\n";
$enc_text = md5_encrypt( $plain_text, $password );
echo "encrypted text is: [${enc_text}]<br />\n";
$plain_text2 = md5_decrypt( $enc_text, $password );
echo "decrypted text is: [${plain_text2}]<br />\n";
?>As pointed out by those above, it's not an ideal solution to store a basecode value.
If you are looking to use this just for a login, then use md5, store the md5 password and compare the md5 of the users input to the value of the password field, like below:
If you are looking to use this just for a login, then use md5, store the md5 password and compare the md5 of the users input to the value of the password field, like below:
Code: Select all
<?php
/* when entering the users details into the system,
disregarding the check to see if they already exist for now: */
mysql_connect('bobshost', 'bob', 'bobspassword') or die('Could not connect');
mysql_select_db('bobsdb') or die("Couldn't select DB");
$uname = mysql_real_escape_string($_POST['username']);
$pwd = md5($_POST['password']);
mysql_query("INSERT INTO bobstable(uname, pwd) VALUES ('$uname', '$pwd')");
if (mysql_affected_rows() < 1) {
die('Error inserting user details');
}
?>Code: Select all
<?php
/* On login page... */
mysql_connect('bobshost', 'bob', 'bobspassword') or die('Could not connect');
mysql_select_db('bobsdb') or die("Couldn't select DB");
$uname = mysql_real_escape_string($_POST['username']);
$pwd = md5($_POST['password']);
$result = mysql_query("SELECT * FROM bobstable WHERE uname = '$uname' AND pwd = '$pwd'");
if (!$result) {
die('Error with Query');
}
if (mysql_num_rows($result) < 1) {
die('Incorrect Login Details!');
}
?>As far as I know, MD5 is un crackable. The only way to get past it is to 'fluke' it by means of brute force.
I.E. leave a comp running to try every possibly conceivable combination of characters until you find a matching MD5.
Have a value greater than 5 characters and you'll be waiting hours, more than 8 and you'll be waiting weeks.
But there are people that determined... which is why it is good practice to limit the number of attempts before locking the account someone is trying to force.
I.E. leave a comp running to try every possibly conceivable combination of characters until you find a matching MD5.
Have a value greater than 5 characters and you'll be waiting hours, more than 8 and you'll be waiting weeks.
But there are people that determined... which is why it is good practice to limit the number of attempts before locking the account someone is trying to force.