TalkPHP


tego10122 02-11-2009 07:09 PM

Creating your own encryption method
 
Hello, how could I compile a class/function to create my own encryption method?

e.g.:
Code:

$text = 'milkdud22';
// output: my25Ql$jk


Wildhoney 02-11-2009 07:23 PM

Just scramble the input with some string functions like so:

php Code:
function TalkPHP_Encrypt($szString)
{
    $szString = str_rot13($szString);
    $szString = md5($szString);
    $szString = substr($szString, 5, 15);
    return $szString;
}

echo TalkPHP_Encrypt('Everybody at TalkPHP loves encryption');

That is of course unless you want to reverse it, in which case it'll require a little more thought. What is wrong with the in-built encryption methods, however?

tego10122 02-12-2009 04:12 AM

Um, well, nothing really. I just like to have it so I have my own encryption method, hopefully making it harder to crack.

Village Idiot 02-12-2009 04:23 AM

Anything you create will probably be worse than the major existing methods (SHA1 is still to be reverse engineered). The methods you have now are created by people who have real experience in this stuff. One of the first rules of using encryption methods is "Don't use your own".

Wildhoney 02-12-2009 01:35 PM

As Village Idiot said, SHA1's yet to be reversed. Add a salt to that SHA1 and even dictionary attacks will be fruitless.

ETbyrne 02-12-2009 06:03 PM

The best idea is to use a combination of encryption methods. I personally use this:

PHP Code:

$newpass = sha1(md5('password'));


Village Idiot 02-12-2009 06:56 PM

Quote:

Originally Posted by ETbyrne (Post 21774)
The best idea is to use a combination of encryption methods. I personally use this:

PHP Code:

$newpass = sha1(md5('password'));


Why would that be any better? If they get reverse engineered it would not be hard at all to get past that. Reason being that they both leave data in an easy to spot format. If you want to make it virtually impossible to reverse engineer (w/o seeing the script), combine the two strings and substring a few out. This will essentially take any possible footprint away and destroy the data. If they see your script, they would still have to cross-reference the two values that they see and try to triangulate the missing letters off of that.

maZtah 02-12-2009 07:07 PM

I'm using the method Wildhoney mentioned.

PHP Code:

define('SALT', 'SD9isd9034K#J$Ldfdf9I_DLKAMSD;l=');

$szPassword = sha1(SALT . $_POST['password']);

Then for every website I'm setting another SALT.

Salathe 02-12-2009 07:12 PM

Quote:

Originally Posted by ETbyrne (Post 21774)
The best idea is to use a combination of encryption methods. I personally use this:

PHP Code:

$newpass = sha1(md5('password'));


That's the best piece of bad advice I've seen all day. ^^ Mixing multiple hashing algorithms does not a secure system make. Once an attacker knows that all you're feeding into SHA1 is an unsalted MD5 hash, their life just got way easier.
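
Added example, not part of any post in this thread: it contrasts the unsalted `sha1(md5())` scheme discussed above with PHP's built-in `password_hash()` / `password_verify()` API, and shows one way to upgrade stored legacy digests at login. The function names and the two sample accounts are assumptions made for illustration; `password_hash()` requires PHP 5.5 or later.

```php
<?php
// Added example (not code from the thread). The function names and the
// two accounts below are constructed for illustration.

// The scheme quoted above: no salt, so the digest depends only on the password.
function legacy_hash(string $password): string
{
    return sha1(md5($password));
}

// PHP's built-in password API: random per-password salt, tunable cost,
// with the algorithm and its parameters stored inside the returned string.
function modern_hash(string $password): string
{
    return password_hash($password, PASSWORD_DEFAULT);
}

// Login check that accepts either format and upgrades legacy records.
// Returns [bool $ok, string $hashToStore].
function verify_and_upgrade(string $password, string $stored): array
{
    // A bare 40-character hex string is treated as a legacy SHA-1 digest.
    if (preg_match('/^[0-9a-f]{40}$/', $stored)) {
        $ok = hash_equals($stored, legacy_hash($password)); // constant-time compare
        return [$ok, $ok ? modern_hash($password) : $stored];
    }
    $ok = password_verify($password, $stored);
    if ($ok && password_needs_rehash($stored, PASSWORD_DEFAULT)) {
        $stored = modern_hash($password); // defaults changed since this was stored
    }
    return [$ok, $stored];
}

// Two constructed accounts that happen to share a password.
$alice = legacy_hash('milkdud22');
$bob   = legacy_hash('milkdud22');
var_dump($alice === $bob);        // legacy digests compared across accounts

$aliceNew = modern_hash('milkdud22');
$bobNew   = modern_hash('milkdud22');
var_dump($aliceNew === $bobNew);  // per-password salts compared across accounts

// A correct login upgrades the stored value; a wrong guess leaves it untouched.
[$ok, $upgraded] = verify_and_upgrade('milkdud22', $alice);
var_dump($ok, password_verify('milkdud22', $upgraded));
[$bad, $kept] = verify_and_upgrade('wrong-guess', $alice);
var_dump($bad, $kept === $alice);
```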


All times are GMT.