I need simple encryption, mycrypt doesnt work

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

toasty2
Forum Contributor
Posts: 361
Joined: Wed Aug 03, 2005 10:28 am
Location: Arkansas, USA

I need simple encryption, mycrypt doesnt work

Post by toasty2 »

What is some simple encryption I can do? (It needs to be reversible and based off of a key) I'd prefer the method be less than 8 lines, if possible.

Thanks in advance.
User avatar
Ollie Saunders
DevNet Master
Posts: 3179
Joined: Tue May 24, 2005 6:01 pm
Location: UK

Post by Ollie Saunders »

You might try a search for the blowfish algorithm amungst many others. If you look at the algorithms that mcrypt supports you can google for each individually and you might find extension-less PHP implementations of them. You can usually include these things (so that's one line) but obviously the include represents a whole file worth of code.
toasty2
Forum Contributor
Posts: 361
Joined: Wed Aug 03, 2005 10:28 am
Location: Arkansas, USA

Post by toasty2 »

I think blowfish is a little excessive for my purposes, and the least complicated the better. :wink:
User avatar
Ambush Commander
DevNet Master
Posts: 3698
Joined: Mon Oct 25, 2004 9:29 pm
Location: New Jersey, US

Post by Ambush Commander »

Sorry mate, but short of a one-time pad (which isn't really secure) you won't find a secure cryptographic function that can be implemented in eight lines. Is efficency the problem?
toasty2
Forum Contributor
Posts: 361
Joined: Wed Aug 03, 2005 10:28 am
Location: Arkansas, USA

Post by toasty2 »

I guess I'll need to learn how to switch letters around and stuff, I like things short. Efficiency is always a good thing, and if there's a simple sufficient method, why not use it?
User avatar
Benjamin
Site Administrator
Posts: 6935
Joined: Sun May 19, 2002 10:24 pm

Post by Benjamin »

I bet this could be shortened to 8 lines. :wink:

Code: Select all

<?php
function RC4($keyfile, $data) { //ecncrypt $data with the key in $keyfile with an rc4 algorithm
    $pwd = implode('', file($keyfile));
        $pwd_length = strlen($pwd);
    for ($i = 0; $i < 255; $i++) {
          $key[$i] = ord(substr($pwd, ($i % $pwd_length)+1, 1));
            $counter[$i] = $i;
        }
        for ($i = 0; $i < 255; $i++) {
            $x = ($x + $counter[$i] + $key[$i]) % 256;
            $temp_swap = $counter[$i];
            $counter[$i] = $counter[$x];
            $counter[$x] = $temp_swap;

        }
        for ($i = 0; $i < strlen($data); $i++) {
                        $a = ($a + 1) % 256;
            $j = ($j + $counter[$a]) % 256;
            $temp = $counter[$a];
            $counter[$a] = $counter[$j];
            $counter[$j] = $temp;
            $k = $counter[(($counter[$a] + $counter[$j]) % 256)];
            $Zcipher = ord(substr($data, $i, 1)) ^ $k;
            $Zcrypt .= chr($Zcipher);
        }
        return $Zcrypt;
}
?>
User avatar
Ollie Saunders
DevNet Master
Posts: 3179
Joined: Tue May 24, 2005 6:01 pm
Location: UK

Post by Ollie Saunders »

You could write all your code like this:

Code: Select all

$a=array(1,4,6,32,4,63,6,3,2);for($i=0,$j=count($a);$i<$j;$i++){if($a[$i]>5){echo $a[$i];}else{foreach(array('pubs','clubs','towns') as $k=>$v){echo 'Data '.$v.' at pos '.$k;}}}
Ahh if I did that I'd be so cool :P
toasty2
Forum Contributor
Posts: 361
Joined: Wed Aug 03, 2005 10:28 am
Location: Arkansas, USA

Post by toasty2 »

I write some of my code like that, but just the simple, unimportant code :)

Thanks for the encryption code, I'll try it. :D
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

It is never, ever, a good idea to compact lines of code. Your sanity withstanding, what of others that may have to read or work with the code later? There's also the logic error some people run into:

Code: Select all

if ($something)
  $foo = $something . ' + 60'; doSomething($foo);
Sure, you could combine those two lines that apparently the author would want to run for that if into a single line using the comma operator, but it's just not worth the hassle of debugging and for other programmers.

I also put my support behind the methodology of always placing braces around code blocks; even one liners.


Now this doesn't really apply when you're specifically trying to obscure what the code is doing or something similar, but that's a different thread and way of programming.
User avatar
Ollie Saunders
DevNet Master
Posts: 3179
Joined: Tue May 24, 2005 6:01 pm
Location: UK

Post by Ollie Saunders »

Everybody should write there PHP adhereing to the Zend Framework PHP Coding Standard. I do, its been great :)
toasty2
Forum Contributor
Posts: 361
Joined: Wed Aug 03, 2005 10:28 am
Location: Arkansas, USA

Post by toasty2 »

I do write a majority of my code with pretty formatting for ease of understanding it at first glance, but if I'm doing something really simple, I sometimes might do something like this:

Code: Select all

if ($a == "blahblah")
       { echo ("Hi"); }
I always put curly braces where necessary too :D
And, from what I can see, I follow what ole said too.

Edit: I see sometimes people just doing echo "Hi";, is that bad, or is my way bad? :?:
Last edited by toasty2 on Sat Aug 12, 2006 10:04 am, edited 1 time in total.
User avatar
Ambush Commander
DevNet Master
Posts: 3698
Joined: Mon Oct 25, 2004 9:29 pm
Location: New Jersey, US

Post by Ambush Commander »

It really doesn't make a difference, just note that echo is a language construct, not a function. Personally, I don't use parentheses. Same goes with require_once and friends.
Last edited by Ambush Commander on Sat Aug 12, 2006 10:26 am, edited 1 time in total.
toasty2
Forum Contributor
Posts: 361
Joined: Wed Aug 03, 2005 10:28 am
Location: Arkansas, USA

Post by toasty2 »

I thought the same, that it doesn't matter, so thanks.
User avatar
Ollie Saunders
DevNet Master
Posts: 3179
Joined: Tue May 24, 2005 6:01 pm
Location: UK

Post by Ollie Saunders »

Do not use parentesis around language constructs that don't require it.
Do not use double quoted strings unless you are injecting variables or using escape characters:

Code: Select all

$a = "Hello, world"; // bad
$a = 'Hello, world'; // good
$a = "Hello, world\n"; // acceptable
$b = 'World';
$a = "Hello, $b\n"; // acceptable
toasty2
Forum Contributor
Posts: 361
Joined: Wed Aug 03, 2005 10:28 am
Location: Arkansas, USA

Post by toasty2 »

Uh, I just thought of something.....how am I going to decrypt the data I encrypted? 8O
I guess I'll switch to plan B, it doesn't require encryption :D However, that encryption might be useful later..
Last edited by toasty2 on Sat Aug 12, 2006 10:30 am, edited 1 time in total.
Post Reply