hi
I cant believe this.
I try to minimize my functions from having any stuff not necessary.

Question:
Weedpacket,
have you tried to run my script
without the $j loop?

In this case I want to update my script
using your version.
This will speed up my script, especially when very long texts/strings.

thank you
halojoy

PS.
if you havent tried your version and debugged it
we can just leave it.
it is not interesting for me, as my version is tested
to work perfectly alright
- an idea or hypotes has to be tested, to become something else than just an assumption
and of practical use for anyone

This cipher is probably extremely weak*. Why would you want to use it in lieu of a proper encryption system, such as the symmetric algorithms provided by mcrypt or the asymmetric ones provided by openssl?

What is the use-case for having stuff encrypted / decrypted by PHP anyway?

Mark

• Based on my minimal understanding of cryptography; it is trivial to determine (part of ) key if you know even part of the plaintext message. This is presumably not the case with "strong" ciphers.

Weedpacket,
have you tried to run my script
without the $j loop?

Read carefully: Weedpacket pointed out that $j was pointless, not that the loop in which $j was used was pointless.

Consider:

// String EnCrypt + DeCrypt function
// Author: halojoy, July 2006
// Modified and commented by: laserlight, August 2006

function convert($text, $key = '') {
    // return text unaltered if the key is blank
    if ($key == '') {
        return $text;
    }

// remove the spaces in the key
$key = str_replace(' ', '', $key);
if (strlen($key) < 8) {
    exit('key error');
}
// set key length to be no more than 32 characters
$key_len = strlen($key);
if ($key_len > 32) {
    $key_len = 32;
}

$k = array(); // key array
// fill key array with the bitwise AND of the ith key character and 0x1F
for ($i = 0; $i < $key_len; ++$i) {
    $k[$i] = ord($key{$i}) & 0x1F;
}

// perform encryption/decryption
for ($i = 0; $i < strlen($text); ++$i) {
    $e = ord($text{$i});
    // if the bitwise AND of this character and 0xE0 is non-zero
    // set this character to the bitwise XOR of itself
    // and the ith key element, wrapping around key length
    // else leave this character alone
    if ($e & 0xE0) {
        $text{$i} = chr($e ^ $k[$i % $key_len]);
    }
}
return $text;
}

MarkR wrote:

What is the use-case for having stuff encrypted / decrypted by PHP anyway?

I can think of two:

1. You don't entirely trust everyone who has access to your user database, so you hash the passwords stored therein. Once those passwords have been obtained, they could be impersonated not only at the site in question but (given a bit of data mining) at other sites on which the users are registered with the same password (people have a tendency to repeat passwords). Of course, brute-forcing the hashes is likely to turn up quite a few of those passwords anyway, but the only defence against that is for users not to pick easy passwords in the first place. (It should go without saying that hash algorithms are not designed for "secure storage" of passwords.)

2. Write-only storage that is intended only for later access offsite. This assumes that no-one can obtain the plaintext prior to its encryption, and requires the use of an asymmetric cipher for which the decrypt key is kept offsite.

Obviously, halojoy's code serves neither case.

halojoy wrote:

especially when very long texts/strings.

Ooh, that sounds like fun; can we see one of these very long texts/strings?

Hey guyz,

I am facing a problem in encryption using you code in php.

Key: ABC12345key
String: 321321321321
Encrypt: 202" "'':6+0
Decrypt :321321321321

As you can see its working fine, but when I try to insert data in database its creating MySQL error, because the encrypted code has (') and (") quotations.

Please help me!

Thanks,
Salman Mustafa

use [man]mysql_real_escape_string/man on the encrypted text.....

As well as escaping the encrypted text, consider using a real encryption function (and not something that is vulnerable to anyone capable of counting how often each character in the ciphertext occurs).

MarkR;10754475 wrote:

This cipher is probably extremely weak*.

It is, Mark. Weak compared to real ciphers.

Nevertheless it takes considerable effort and work for anyone to crack even this simple Crypt Script

This is a small script not intended for any serious security applications.
Like secret service or government use.
And I know, this I have declared and explained in my posts.

Features are instead:
- easy and fast to use
- one and same very small function
- which will toggle text crypted/decrypted
- intended for private use only
- for example small personal websites or message exchanging between friends
- or e.g. protect text files you have in your PC folders from other eyes

I am happy to see some have used and like my script
It works within its limitations and does this very well.

Kind regards
halojoy

halojoy wrote:

Nevertheless it takes considerable effort and work for anyone to crack even this simple Crypt Script

Cobblers. I cracked it years ago (ref. post 18 of this thread after recognising it as a cryptosystem that was cracked over a century ago).

halojoy wrote:

Features are instead:
- easy and fast to use
- one and same very small function
- which will toggle text crypted/decrypted
- intended for private use only
- for example small personal websites or message exchanging between friends
- or e.g. protect text files you have in your PC folders from other eyes

And which of these are actual advantages? Which of them don't apply to, say, Rijndael? Nothing in that list strikes me as being a "feature".

And some of them are even doubtful. To take one example from that list:

• easy and fast to use

The code I wrote (which does the same thing as your code) ran in 0.47 seconds on some sample input. Rijndael took 0.53 seconds. With your code I got bored waiting after a couple of minutes.

I tried with a smaller text file. My code took 0.02 seconds, Rijndael took 0.03, and yours took 57 seconds.

Just a question. Do you think it would be wise using this code to change user-input afterward hashing it with either the MD5, SHA1, or SHA-2 hashing algorithms? Or would that compromise some of the data?

EDIT: Yes, I know that MD5 and I believe SHA1 and SHA-2 are one-way hashing/encryption algorithms.

Could somebody please rewrite the code below, not using the single pipe operator? (taken from post #14):

// {en|de}cryption algorithm
$text = (($text ^ $k) & $lomask) | ($text & $himask);

Thank you so much.

Why do you want to avoid the use of bitwise or when it is intended?

if ( (condition 1) || (condition 2) || (condition 3) ) {
do smt...
}

This is the common way I am familiar with. I have never ever known about the single pipe operator ; - especially, about that (advanced-perhaps) way of coding php. So I don't understand what $text = (($text ^ $k) & $lomask) | ($text & $himask); means.

Bitwise Operators

Thanks for the link.

"especially, about that (advanced-perhaps) way of coding php" ; This is what I mean:

--> Can $text = (($text ^ $k) & $lomask) | ($text & $himask); be written in another form, just like:

$a ++ can be written in another way (suitable for newbie): $a = $a + 1

(this is not about the single pipe anymore).

Not really.. they're basic bitwise math operations.

Take ($text & $himask) for instance. The & is the bitwise "and", which sets a bit to 1 if the corresponding bits in both $text and $himask are 1. To write it in some other way would likely be some cumbersome loop, checking each bit against in one value against the corresponding bit in the other.

<pre><?php
$foo = 7;
$bar = 14;

// using the bitwise operator:
$result = $foo & $bar;
var_dump($result);

// a much more cumbersome method:
$fooBits = sprintf("%032b", $foo); // convert integer to binary string
$barBits = sprintf("%032b", $bar); // ditto
$result = '';
for($i=0; $i<32; $i++)
{
   if (($fooBits[$i] == 1) && ($barBits[$i] == 1))
   {
      $result .= 1;
   }
   else
   {
      $result .= 0;
   }
}
$result = bindec($result); // convert binary string to integer
var_dump($result);
?></pre>

Hello ALL!
I am a new in PHP and I read all these posts. They are really amazing for students like me.
Don't mind but I have a question, I know its a silly one but I am sure my teacher is going to ask me the very first question that which encryption technique have you applied in your code?
Please do tell !

Hello ALL!
I am a new in PHP and I read all these posts. They are really amazing for students like me.
Don't mind but I have a question, I know its a silly one but I am sure my teacher is going to ask me the very first question that which encryption technique have you applied in your code?
Please do tell !
sonam is online now Report Post Reply With Quote