MarkR wrote:

What is the use-case for having stuff encrypted / decrypted by PHP anyway?

I can think of two:

  1. You don't entirely trust everyone who has access to your user database, so you hash the passwords stored therein. Once those passwords have been obtained, they could be impersonated not only at the site in question but (given a bit of data mining) at other sites on which the users are registered with the same password (people have a tendency to repeat passwords). Of course, brute-forcing the hashes is likely to turn up quite a few of those passwords anyway, but the only defence against that is for users not to pick easy passwords in the first place. (It should go without saying that hash algorithms are not designed for "secure storage" of passwords.)

  2. Write-only storage that is intended only for later access offsite. This assumes that no-one can obtain the plaintext prior to its encryption, and requires the use of an asymmetric cipher for which the decrypt key is kept offsite.

Obviously, halojoy's code serves neither case.

halojoy wrote:

especially when very long texts/strings.

Ooh, that sounds like fun; can we see one of these very long texts/strings?

    a year later

    Hey guyz,

    I am facing a problem in encryption using your code in PHP.

    Key: ABC12345key
    String: 321321321321
    Encrypt: 202" "'':6+0
    Decrypt :321321321321

    As you can see it's working fine, but when I try to insert data in the database it's creating a MySQL error, because the encrypted code has (') and (") quotations.

    Please help me! 😕

    Thanks,
    Salman Mustafa

      use mysql_real_escape_string on the encrypted text.....

        As well as escaping the encrypted text, consider using a real encryption function (and not something that is vulnerable to anyone capable of counting how often each character in the ciphertext occurs).

          2 years later
          MarkR wrote:

          This cipher is probably extremely weak*.

          It is, Mark. Weak compared to real ciphers.

          Nevertheless it takes considerable effort and work for anyone to crack even this simple Crypt Script

          This is a small script not intended for any serious security applications.
          Like secret service or government use.
          And I know, this I have declared and explained in my posts.

          Features are instead:
          - easy and fast to use
          - one and same very small function
          - which will toggle text crypted/decrypted
          - intended for private use only
          - for example small personal websites or message exchanging between friends
          - or e.g. protect text files you have in your PC folders from other eyes

          I am happy to see some have used and like my script 🙂
          It works within its limitations and does this very well.

          Kind regards
          halojoy

            halojoy wrote:

            Nevertheless it takes considerable effort and work for anyone to crack even this simple Crypt Script

            Cobblers. I cracked it years ago (ref. post 18 of this thread after recognising it as a cryptosystem that was cracked over a century ago).

            halojoy wrote:

            Features are instead:
            - easy and fast to use
            - one and same very small function
            - which will toggle text crypted/decrypted
            - intended for private use only
            - for example small personal websites or message exchanging between friends
            - or e.g. protect text files you have in your PC folders from other eyes

            And which of these are actual advantages? Which of them don't apply to, say, Rijndael? Nothing in that list strikes me as being a "feature".

            And some of them are even doubtful. To take one example from that list:

            • easy and fast to use

            The code I wrote (which does the same thing as your code) ran in 0.47 seconds on some sample input. Rijndael took 0.53 seconds. With your code I got bored waiting after a couple of minutes.

            I tried with a smaller text file. My code took 0.02 seconds, Rijndael took 0.03, and yours took 57 seconds.

              15 days later

              Just a question. Do you think it would be wise using this code to change user-input afterward hashing it with either the MD5, SHA1, or SHA-2 hashing algorithms? Or would that compromise some of the data?

              EDIT: Yes, I know that MD5 and I believe SHA1 and SHA-2 are one-way hashing/encryption algorithms.

                I don't think there's any point to using this code at all (see this thread; posts 18 and 23, and the latter parts of 12 and 14).

                  a year later

                  Could somebody please rewrite the code below, not using the single pipe operator? (taken from post #14):

                  // {en|de}cryption algorithm
                  $text = (($text ^ $k) & $lomask) | ($text & $himask);

                  Thank you so much.

                    Why do you want to avoid the use of bitwise or when it is intended?

                      🙂

                      if ( (condition 1) || (condition 2) || (condition 3) ) {
                      do smt...
                      }

                      This is the common way I am familiar with. I have never ever known about the single pipe operator ; - especially, about that (advanced-perhaps) way of coding php. So I don't understand what $text = (($text ^ $k) & $lomask) | ($text & $himask); means.

                        Thanks for the link.

                        "especially, about that (advanced-perhaps) way of coding php" ; This is what I mean:

                        --> Can $text = (($text ^ $k) & $lomask) | ($text & $himask); be written in another form, just like:

                        $a ++ can be written in another way (suitable for newbie): $a = $a + 1

                        (this is not about the single pipe anymore).

                          Take ($text & $himask) for instance. The & is the bitwise "and", which sets a bit to 1 if the corresponding bits in both $text and $himask are 1. To write it in some other way would likely be some cumbersome loop, checking each bit in one value against the corresponding bit in the other.

                          <pre><?php
                          $foo = 7;
                          $bar = 14;
                          
                          // using the bitwise operator:
                          $result = $foo & $bar;
                          var_dump($result);
                          
                          // a much more cumbersome method:
                          $fooBits = sprintf("%032b", $foo); // convert integer to binary string
                          $barBits = sprintf("%032b", $bar); // ditto
                          $result = '';
                          for($i=0; $i<32; $i++)
                          {
                             if (($fooBits[$i] == 1) && ($barBits[$i] == 1))
                             {
                                $result .= 1;
                             }
                             else
                             {
                                $result .= 0;
                             }
                          }
                          $result = bindec($result); // convert binary string to integer
                          var_dump($result);
                          ?></pre>
                          
                            a month later

                            Hello ALL!
                            I am new to PHP and I read all these posts. They are really amazing for students like me.
                            Don't mind, but I have a question. I know it's a silly one, but I am sure the very first question my teacher is going to ask me is which encryption technique I have applied in my code.
                            Please do tell!


                                6 months later

                                I liked this code for obscuring data until I managed to break it today

                                xx_1st4domains.co.uk_test
                                pq[4g|=wlbelfzf{&|x{av|
                                xx_1st4domains.co.uk_Sd~u
                                pq[4g|=wlbelfz
                                f{&|x\{av|
                                xx_1st4domains.co.uk_SXYshry
                                pq[4g|=wlbelfz*f{&|x\\{av|

                                It's that second underscore that is creating extra backslashes and throwing it out of line.
                                Changing characters before or after the underscore provides similar results as long as the length stays the same.

                                Any ideas?

                                  ppcnseo wrote:

                                  Any ideas?

                                  Yes; don't use it.

                                    10 months later

                                    Simple String EnCrypt + DeCrypt function.

                                    ...

                                    <?php
                                    // String EnCrypt + DeCrypt function
                                    // Author: halojoy, July 2006
                                    function convert($str,$ky=''){
                                    if($ky=='')return $str;
                                    $ky=str_replace(chr(32),'',$ky);
                                    if(strlen($ky)<8)exit('key error');
                                    $kl=strlen($ky)<32?strlen($ky):32;
                                    // keep only the low 5 bits of each key character
                                    $k=array();for($i=0;$i<$kl;$i++){
                                    $k[$i]=ord($ky[$i])&0x1F;}
                                    $j=0;for($i=0;$i<strlen($str);$i++){
                                    $e=ord($str[$i]);
                                    // characters below 0x20 pass through; all others are XORed with the key
                                    $str[$i]=$e&0xE0?chr($e^$k[$j]):chr($e);
                                    $j++;$j=$j==$kl?0:$j;}
                                    return $str;
                                    }

                                    I remade this code for a JavaScript client:

                                    function convert(text, key) {
                                        if (key === '') {
                                            return text;
                                        }
                                        key = key.replace(/ /g, ''); // remove every space, as str_replace() does in the PHP version
                                        if (key.length < 8) {
                                            alert('key error');
                                            return false;
                                        }
                                        var key_len = key.length;
                                        if (key_len > 32) {
                                            key_len = 32;
                                        }
                                        var k = []; // key array
                                        var i, j, e;
                                        for (i = 0; i < key_len; ++i) {
                                            k[i] = key.charCodeAt(i) & 0x1F;
                                        }
                                        for (i = 0, j = 0; i < text.length; ++i) {
                                            e = text.charCodeAt(i);
                                            if (e & 0xE0) { // bitwise AND, as in the PHP version
                                                text = text.substr(0, i) + String.fromCharCode(e ^ k[j]) + text.substr(i + 1);
                                            }
                                            j = (j + 1) % key_len;
                                        }
                                        return text;
                                    }

                                    or

                                    function convertshortverson(a,b){if(b===""){return a}b=b.replace(/ /g,"");if(b.length<8){alert("key error");return false}var key_len=b.length,k=[],i,j,e;if(key_len>32){key_len=32}for(i=0;i<key_len;++i){k[i]=b.charCodeAt(i)&31}for(i=0,j=0;i<a.length;++i){e=a.charCodeAt(i);if(e&224){a=a.substr(0,i)+String.fromCharCode(e^k[j])+a.substr(i+1)}j=(j+1)%key_len}return a}
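
The points raised in this thread (quote characters in the output, and the structure that makes character counting work) can be checked on the key and string from Salman Mustafa's post above. This is an added example, not code from any poster in the thread; `toyConvert`, `leakReport` and `toHex` are names made up for it.

```javascript
// Added example; toyConvert, leakReport and toHex are hypothetical names.
const SAMPLE_KEY = 'ABC12345key';   // key quoted in the thread
const SAMPLE_TEXT = '321321321321'; // string quoted in the thread

// The thread's convert(), ported with a bitwise AND and a global space replace.
function toyConvert(text, key) {
  if (key === '') return text;
  key = key.replace(/ /g, '');
  if (key.length < 8) throw new Error('key error');
  const k = [];
  for (let i = 0; i < Math.min(key.length, 32); i++) k.push(key.charCodeAt(i) & 0x1F);
  let out = '';
  for (let i = 0; i < text.length; i++) {
    const e = text.charCodeAt(i);
    // codes below 0x20 pass through; the rest get only their low 5 bits XORed
    out += String.fromCharCode(e & 0xE0 ? e ^ k[i % k.length] : e);
  }
  return out;
}

function leakReport(plain, key) {
  const cipher = toyConvert(plain, key);
  const period = Math.min(key.replace(/ /g, '').length, 32);
  const codes = s => Array.from(s, ch => ch.charCodeAt(0));
  const p = codes(plain), c = codes(cipher);
  return {
    cipher,
    // the top three bits of every character pass through unencrypted
    highBitsLeak: p.every((b, i) => (b & 0xE0) === (c[i] & 0xE0)),
    // equal plaintext one key period apart gives equal ciphertext, so each key
    // position is a fixed substitution that character counts expose
    periodicRepeats: p.every((b, i) => i + period >= p.length ||
      (b === p[i + period]) === (c[i] === c[i + period])),
    // 5 bits per key character, at most 32 characters
    effectiveKeyBits: 5 * period,
    // output characters that break SQL built by string concatenation
    sqlMeta: [...new Set(c.filter(b => [0x22, 0x27, 0x5C].includes(b)))]
      .map(b => String.fromCharCode(b)),
  };
}

// The output is arbitrary characters: store an encoded form (with a
// parameterised query) instead of depending on escaping.
const toHex = s =>
  Array.from(s, ch => ch.charCodeAt(0).toString(16).padStart(2, '0')).join('');
```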