encrypting & decrypting user pm's
Posted: Sat Dec 02, 2006 4:14 pm
by tarja311
Hi folks,
I have a system in place where users can send private messages to each other using an HTML form w/ MySQL (to store them). However, I can access the database and am able to view all stored messages. Is there a way I can encrypt these messages so nobody that has database access can view them? I tried the MD-5 algorithm but I do not know how to decrypt the message on the receiving end (I don't think it was made to be decrypted to begin with).
Any ideas?
Thanks
-- tarja
Posted: Sat Dec 02, 2006 4:25 pm
by Burrito
md5 is not encryption, it is a hash.
you probably want something like base64_encode() and base64_decode() though anyone who is even remotely savvy will be able to figure that out.
you should create some kind of encryption schema yourself that uses base64 encoding but also adds a salt to it to mix it up some.
Posted: Sat Dec 02, 2006 4:56 pm
by DaveTheAve
My experience with encrypting is to make my own scheme as said above but incorporate many known encryptions within my own. For example, I'll reverse the array, base64_encode() it, salt it, convert_uuencode() it, then base64_encode() it again while swapping some letters with others, then to save space do a level 9 compression to it.
That method is really resource eating, but it works well.
Posted: Sat Dec 02, 2006 5:04 pm
by tarja311
Thank you both.

Posted: Sat Dec 02, 2006 9:04 pm
by Z3RO21
Personally, when dealing with simple encryption needs I just write a very simple encryption formula that is personal and unique. For example, here is a simple script I wrote in 5 mins.
Code:

    <?php
    $Key = md5('This is your key.'); // 32 hex characters, reused cyclically as the key
    $Text = 'This is the plain text. abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890';
    $EncryptedText = '';
    $KeyIndex = 0;
    /*
    For this we are going to use this simple formula
    encryptedChar = plainChar - KeyChar + 32
    we can write the decryption algorithm also
    plainChar = encryptedChar + KeyChar - 32
    */
    for ($I = 0; $I < strlen($Text); $I++) {
        $PTChar = substr($Text, $I, 1);
        $KeyChar = substr($Key, $KeyIndex, 1);
        // $KeyIndex reaches strlen($Key) once per cycle; substr() then yields
        // no character and ord() gives 0. Decryption below does the same.
        if ($KeyIndex < strlen($Key)) {
            $KeyIndex++;
        } else {
            $KeyIndex = 0;
        }
        $EncryptedText .= chr(ord($PTChar) - ord($KeyChar) + 32);
    }
    print $EncryptedText . '<br>'; //Prints: @%U`S- /RN.SQ&VÛ.#72ìÚP!LOPSOQ‰V(XZVY*^-]]`4^h6büü7367:68p=?A=@EDñ%óóó

    // Decrypt by walking the key the same way and inverting the formula
    $PlainText = '';
    $KeyIndex = 0;
    for ($I = 0; $I < strlen($EncryptedText); $I++) {
        $ETChar = substr($EncryptedText, $I, 1);
        $KeyChar = substr($Key, $KeyIndex, 1);
        if ($KeyIndex < strlen($Key)) {
            $KeyIndex++;
        } else {
            $KeyIndex = 0;
        }
        $PlainText .= chr(ord($ETChar) + ord($KeyChar) - 32);
    }
    print $PlainText; //Prints: This is the plain text. abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890
Just my 2 cents

Posted: Sat Dec 02, 2006 10:10 pm
by nickvd
Just a question... If you can't trust the people who have database access, then why do they have it?
Posted: Sun Dec 03, 2006 10:31 pm
by tarja311
Oh, they are trustworthy. I just want to make sure my users feel confident that their private messages are not read by anyone except the recipient.

Posted: Sun Dec 03, 2006 10:41 pm
by feyd
So then disallow their user(s) the access rights to read the field containing the text.
Posted: Mon Dec 04, 2006 3:17 am
by onion2k
As you're using MySQL you could always use the AES_ENCRYPT() and AES_DECRYPT() functions.
Posted: Mon Dec 04, 2006 6:55 am
by timvw
Burrito wrote: md5 is not encryption, it is a hash.
you probably want something like base64_encode() and base64_decode() though anyone who is even remotely savvy will be able to figure that out.
(imho) base64 isn't encryption either.. It's just another encoding...
Posted: Mon Dec 04, 2006 8:11 am
by Burrito
timvw wrote: (imho) base64 isn't encryption either.. It's just another encoding...
I would agree...read my initial post in its entirety
more specifically this section:
Burrito wrote: ...you should create some kind of encryption schema yourself that uses base64 encoding but also adds a salt to it to mix it up some.
Posted: Mon Dec 04, 2006 1:14 pm
by tarja311
Thanks for all the tips / suggestions guys. Appreciates it.
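
For contrast with the encoding-based schemes discussed in this thread, here is an added example (not code from any poster) that stores a message using authenticated encryption from PHP's bundled sodium extension (PHP 7.2+). The sample message, the nonce-prefixed base64 storage format, and generating the key inline instead of loading it from outside the database are assumptions of this example.

```php
<?php
declare(strict_types=1);

// Returns base64(nonce || ciphertext+MAC), safe to store in a TEXT column.
function encryptMessage(string $plain, string $key): string
{
    $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES); // fresh per message
    return base64_encode($nonce . sodium_crypto_secretbox($plain, $nonce, $key));
}

// Returns the plaintext, or throws if the stored value was truncated or modified.
function decryptMessage(string $stored, string $key): string
{
    $raw = base64_decode($stored, true);
    $min = SODIUM_CRYPTO_SECRETBOX_NONCEBYTES + SODIUM_CRYPTO_SECRETBOX_MACBYTES;
    if ($raw === false || strlen($raw) < $min) {
        throw new RuntimeException('Stored message is malformed');
    }
    $nonce = substr($raw, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $plain = sodium_crypto_secretbox_open(substr($raw, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES), $nonce, $key);
    if ($plain === false) {
        throw new RuntimeException('Authentication failed: wrong key or tampered data');
    }
    return $plain;
}

// Assumption: a real deployment loads this key from outside the database
// (environment, secrets file) so a database dump alone does not expose
// message bodies. Generated here only so the example runs stand-alone.
$key    = sodium_crypto_secretbox_keygen();
$stored = encryptMessage('Constructed sample private message.', $key);
echo "Stored in DB: $stored\n";
echo 'Recipient sees: ' . decryptMessage($stored, $key) . "\n";

// A single flipped bit in the stored value is rejected, not decrypted to garbage.
$raw = base64_decode($stored);
$raw[30] = chr(ord($raw[30]) ^ 1);
try {
    decryptMessage(base64_encode($raw), $key);
} catch (RuntimeException $e) {
    echo 'Tampered copy: ' . $e->getMessage() . "\n";
}
```

Whoever holds the key (the application and anyone administering its server) can still decrypt; this protects message bodies only from someone who has the database contents without the key.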
