encrypt data question

gaucho

Hello all,
I'm looking for a really simple way to encrypt data to be stored in a database. I already checked mcrypt, but the problem is that mcrypt-ing the data makes it hard/quite impossible to search for partial strings without having to scan and decrypt a whole table.
Eg.:
a field contains this string: "this is my house"
Searching for the whole string is no problem, but if you just have to match "this" or "house" doesn't work because the encrypted "house" representation is different from the one in the whole string.
I don't really need strong encryption because this is just for keeping users away from changing records with some database administration tools.
I just need a method to make it hard for them to simply read and change records, and still have the possibility to search for partial sring representations the "usual way".

Thanks in advance

gaucho

MikeSnead

Sounds like you'd need something that simply changes character by character by a set standard. Something that converts all As to Qs and Bs to Ps and so on and so forth. That way you could easily create functions to search for a string. Just have he search function convert the string and search for that converted string in the database.

Seems like it would be the simplist answer to your question... it's not exactly secure encryption, but general users probably won't know that "QbbRe" really means "apple" or something like that.

Drakla

If it really is low security, then following Mike's answer, you can use [man]str_rot13[/man] to gibberish up your data, and running it a 2nd time brings it back, so if you were searching for house, you'd just search for the str_rot13('house');

kburger

I LIKE that solution! I'm going to try to keep that in mind.

gaucho

Thanks for the replies,
The idea with rot13 is not bad, at least it is a good beginning. I took a look at the description of the function in the manual, and I've already seen a little problem, it doesn't replace numbers.
But reading the comments on this function I found a comment by Cristof Pollenius:

//For versions of php <= 4.2.0 you can use:

function rot13($str){
if (!function_exists('str_rot13')) {
   $from = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
   $to  = 'nopqrstuvwxyzabcdefghijklmNOPQRSTUVWXYZABCDEFGHIJKLM';
   $rot13str = strtr($str, $from, $to);
}else{
   $rot13str = str_rot13($str); 
}
return $rot13str;
}

I had an idea.
To make it a little like normal encrypting methods one could define something like a "key" and an "initial vector", these could be any string string-alpha or whatever you would like to use.
Now one could combine both, key and iv by mixing them up somehow to one string chain, eg.
$key = "abcdefg";
$iv = "1234";
$conv_strings ="aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPQqrRsStTuUvVwWxXyYzZ0123456789._?";
$mix = "1a2b3c4d1e2f3g";
The $conv_strings string contains all the strings you would like to have replaced.
Lets say you have the string "house", as you could see in the $conv_string the lowercase h takes position 15. Now start conting in the mix. Since the mix only contains 14 chars, start over counting => position 15 is equivalent to position 1 and position one is the char "1".
Now replace the "h" with the "1".
To make it a little more complicated we could use a third input parameter, namely $sc (start counting) which means "start counting at position $sc".
Well, this is just an idea, and I haven't tested it yet.

I think that something like this could be strong enough to keep users away from the data and a little stronger than just using rot13.

What do you think?

Best regards

gaucho

P.S.: OK, looked at this again and found a little problem, which ist if you start counting over, how would you know at "decrytion" time how many turns you took.