encrypting & decrypting user pm's

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
tarja311
Forum Commoner
Posts: 73
Joined: Fri Oct 20, 2006 10:57 pm

encrypting & decrypting user pm's

Post by tarja311 »

Hi folks,

I have a system in place where users can send private messages to each other using an HTML form w/ MySQL ( to store them ). However, i can access the database and am able to view all stored messages. Is there a way i can encrypt these messages so nobody that has database access can view them? I tried the MD-5 algorithm but i do not know how to decrypt the message on the receiving end ( i don't think it was made to be decrypted to begin with).

Any ideas?

Thanks

-- tarja
User avatar
Burrito
Spockulator
Posts: 4715
Joined: Wed Feb 04, 2004 8:15 pm
Location: Eden, Utah

Post by Burrito »

md5 is not encryption, it is a hash.

you probably want something like base64_encode() and base64_decode() though anyone who is even remotely savvy will be able to figure that out.

you should create some kind of encryption schema yourself that uses base64 encoding but also adds a salt to it to mix it up some.
User avatar
DaveTheAve
Forum Contributor
Posts: 385
Joined: Tue Oct 03, 2006 2:25 pm
Location: 127.0.0.1
Contact:

Post by DaveTheAve »

My experience with encrypting is two make my own scheme as said above but incorporate many known encryptions within my own. For example, I'll reverse the array, base64_encode() it, salt it, convert_uuencode() it, then base64_encode it again while swapping some letter with other, then to save space to a level 9 compression to it.

That method is really resource eating, but it works well.
tarja311
Forum Commoner
Posts: 73
Joined: Fri Oct 20, 2006 10:57 pm

Post by tarja311 »

Thank you both. :D
Z3RO21
Forum Contributor
Posts: 130
Joined: Thu Aug 17, 2006 8:59 am

Post by Z3RO21 »

Personaly when dealing with simple encryption needs I just write a very simple encryption formula that is personal and unique. For example here is a simple script I wrote in 5 mins.

Code: Select all

$Key = md5('This is your key.');
$Text = 'This is the plain text. abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890';
$EncryptedText = '';
$KeyIndex = 0;
/*
	For this we are going to use this simple formula
	encryptedChar = plainChar - KeyChar + 32
	we can write the decryption algorithm also
	plainChar = encryptedChar + KeyChar - 32
*/
for ($I = 0; $I < strlen($Text); $I++) {
	$PTChar = substr($Text, $I, 1);
	$KeyChar = substr($Key, $KeyIndex, 1);
	if ($KeyIndex < strlen($Key)) {
		$KeyIndex++;
	} else { $KeyIndex = 0; }
	$EncryptedText .= chr(ord($PTChar) - ord($KeyChar) + 32);
}
print $EncryptedText . '<br>'; //Prints: @%U`S- /RN.SQ&VÛ.#72ìÚP!LOPSOQ‰V(XZVY*^-]]`4^h6büü7367:68p=?A=@EDñ%óóó
$PlainText = '';
$KeyIndex = 0;
for ($I = 0; $I < strlen($EncryptedText); $I++) {
	$ETChar = substr($EncryptedText, $I, 1);
	$KeyChar = substr($Key, $KeyIndex, 1);
	if ($KeyIndex < strlen($Key)) {
		$KeyIndex++;
	} else { $KeyIndex = 0; }
	$PlainText .= chr(ord($ETChar) + ord($KeyChar) - 32);
}
print $PlainText; //Prints: This is the plain text. abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890
Just my 2 cents :)
nickvd
DevNet Resident
Posts: 1027
Joined: Thu Mar 10, 2005 5:27 pm
Location: Southern Ontario
Contact:

Post by nickvd »

Just a question... If you can't trust the people who have database access, then why do they have it?
tarja311
Forum Commoner
Posts: 73
Joined: Fri Oct 20, 2006 10:57 pm

Post by tarja311 »

Oh, they are trustworthy. I just want to make sure my users feel confident that their private messages are not read by anyone except the recipient. :)
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

So then disallow their user(s) the access rights to read the field containing the text.
User avatar
onion2k
Jedi Mod
Posts: 5263
Joined: Tue Dec 21, 2004 5:03 pm
Location: usrlab.com

Post by onion2k »

As you're using MySQL you could always use the AES_ENCRYPT() and AES_DECRYPT() functions.
timvw
DevNet Master
Posts: 4897
Joined: Mon Jan 19, 2004 11:11 pm
Location: Leuven, Belgium

Post by timvw »

Burrito wrote:md5 is not encryption, it is a hash.

you probably want something like base64_encode() and base64_decode() though anyone who is even remotely savvy will be able to figure that out.
(imho) base64 isn't encryption either.. It's just another encoding...
User avatar
Burrito
Spockulator
Posts: 4715
Joined: Wed Feb 04, 2004 8:15 pm
Location: Eden, Utah

Post by Burrito »

timvw wrote:(imho) base64 isn't encryption either.. It's just another encoding...
I would agree...read my initial post in its entirety

more specifically this section:
Burrito wrote:...you should create some kind of encryption schema yourself that uses base64 encoding but also adds a salt to it to mix it up some.
tarja311
Forum Commoner
Posts: 73
Joined: Fri Oct 20, 2006 10:57 pm

Post by tarja311 »

Thanks for all the tips / suggestions guys. Appreciates it. :)
Post Reply