Reversable md5 equivelent?

Anon

Hi,

Forgive me if this is an ignorant question. I have used md5 for some time and have always been fascinated in an goofy kind of way that you always end up with a 32 character long string no matter how long your info. Thinking about it, i haven't used anything over 32 characters, but oh well, i am assuming... correct me if i am wrong for longer values.

Regardless, I have been passing stuff around between pages with base64_encode to hide the contents of the ?included= info. This isn't really sensitive material, just directory info, some formatting info, etc. My problem is that base64 stuff is like, long...

Is ther a good equivalent for encoding url string parameters? It need not be a uniform length like md5, but equal size would be good. I will probably just write something to shift and shift back ascii values if need be, i just thought there might be something that is normally used.

Thanks for any help.

van__

hmmm.
I just use sessions.
Store lots and lots of stuff in the session, keep the URL short as can be.

Anon

Well, there's ROT13 🙂

The reason why Base64 or uuencoding results in longer strings than the original data is because both are designed to pack arbitrary 8-bit bytes into (a subset of) the 7-bit ASCII character set. Obviously, if you don't want to throw away information, you need more 7-bit ASCII characters than you need 8-bit bytes. And if you want it to be reversible, you don't want to throw away data.

If you're only sending ASCII, as you said, then this isn't an issue - 7-bit ASCII fits in 7-bit ASCII just fine 🙂.

ROT13 is an example - that's easy enough:

$rot13string=strtr($string,
'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ',
'nopqrstuvwxyzabcdefghijklmNOPQRSTUVWXYZABCDEFGHIJKLM);

But it only does letters. However, it does suggest one approach.

Another (if you can stand one extra character) might be to whip up a quick XOR. This is really tacky, and I wouldn't suggest it except it's so idiotically simple:

[again, the source string is $string]
srand(time()); // Could be better.
$ord=rand(32,127);
$char=chr($ord); // Pick an ASCII character (ignore those control chars at the bottom)
$newstring=$char;
for($i=0;$i<strlen($string);$i++)
{
$newstring.=chr($ord^{ord($string[$i]));}
}

To decrypt:

$char=$newstring[0];
$ord=ord($char);
$string='';
for($i=1;$i<strlen($string);$i++)
{
$string.=chr($ord^{ord($newstring[$i]));}
}

Like I say - idiotically simple - the decrypt key is right there at the start of the string!

In the end it's really all a matter of how sensitive you want stuff to be: you can install the mcrypt library and use that; you can try and figure out some methind that avoids having to send the information around at all; or whatever.

Anon

Thanks 🙂

oh, yeah, once char is no trouble. The problem i have with base64 is the exponential way it grows. you have an 8 char long string, you end up with a 12. no biggy, but you chuck in a 36 you get a 52 (if my memory serves me, my math rarely does, lol).

As far as security, it is almost not even an issue. My main beef is the curiosity of strangers who see my directory info, or smart arses who substitute naughty words to see if it will bleed over into my menus and titles and whatnot. I figure if i am gonna get hacked i am gonna get hacked, no biggy, that is what backups are for. I don't really specify includes directly through the path, I just want to stop people who monkey with formatting by playing with my ?stuff=

Thanks, though, that was about what i expected, with a hint on how to go about it. I appreciate your time.

-bakerstreet

Anon

Yeah, Van's suggestion of using sessions is one I had in mind when I said "avoid passing the information around at all" - with sessions it just sits on your server and only a randomish ID string ends up on the browser.

But that's nowhere near as much fun as creating a cheap encryption scheme on the fly 🙂

But don't mind me, I'm too busy writing the MD5 algorithm in Brainf*** to be stable.

saloon12yrd

There's a RC4 encryption available on sourceforge: http://sourceforge.net/projects/rc4crypt/
I recommend applying my patch (see patches section) because it's a lot faster.
RC4 is quite secure and should suit your needs.

BTW ROT13 can be applied a lot simpler:

function str_rot13($str) {
    $from = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
    $to   = 'nopqrstuvwxyzabcdefghijklmNOPQRSTUVWXYZABCDEFGHIJKLM';

    return strtr($str, $from, $to);
}

Greets,
Dominique