MEncrypt

thekidscareya

I have MEncrypt installed on a server. I'm using the phpfreaks class for php5 at http://www.phpfreaks.com/tutorials/128/2.php.

I wrote two functions that I use:

function cc_encrypt($cc)
	{
	$crypto = new phpFreaksCrypto();  // create new object
	$string = $crypto->encrypt($cc); // encrypt
	return $string;	
	}
function cc_decrypt($string)
	{
	$crypto = new phpFreaksCrypto(); // create new object
	$cc = $crypto->decrypt($string); //decrypt
	return $cc;
	}

However, I created a page load time on a test page where I execute cc_encrypt() and cc_decrypt() and it takes forever to load using tripledes algorithm and ecb mode.

<?php
$starttime = explode(' ', microtime());  

$starttime =  $starttime[1] + $starttime[0];  

include "lib/mencrypt.lib.php";

$cc = "card: 1111222233334444";
echo $cc."<br>encrypted - ";
$e = cc_encrypt($cc);
echo $e."<br>decrypted - ";
$x = cc_decrypt($e);
echo $x."<br>";

$mtime = explode(' ', microtime());  

$totaltime = $mtime[0] +  $mtime[1] - $starttime;  

printf('Page loaded in %.3f seconds.',  $totaltime);  

?>

Are there any more faster algorithms out there? Is there a faster two encryption algorithm?

Thanks in advance for any feedback you can give me. I appreciate it.

laserlight

Triple DES is indeed slow as it involves repeated application of a legacy algorithm, DES. You could consider Rijndael (the AES winner) or one of the other AES finalists, namely MARS, RC6, Serpent and Twofish.

thekidscareya

laserlight wrote:
Triple DES is indeed slow as it involves repeated application of a legacy algorithm, DES. You could consider Rijndael (the AES winner) or one of the other AES finalists, namely MARS, RC6, Serpent and Twofish.

Rigndael_128 and twofish are pretty slow. Mars and rc6 isn't included with mcrypt. The semidecent one iserpent (just plain old serpent), but it takes about 30+ seconds to encrypt and decrypt a string (16 chars).

Base64_encode() and Base64_decode() looks really good now.

laserlight

Base64_encode() and Base64_decode() looks really good now.

Base 64 encoding is not encryption and thus is in a different class altogether.

The semidecent one iserpent (just plain old serpent), but it takes about 30+ seconds to encrypt and decrypt a string (16 chars).

Have you tried working with the mcrypt functions directly? 30+ seconds for such a small string is very unusual.

thekidscareya

function cce($plain_string)
	{
	$key = 'MyRandomStringThatWillAlwaysBeTheSame';
	$algorithm = "rijndael_128";
	$mode = "ecb";
	$iv = false;
    if(extension_loaded('mcrypt') === FALSE)
    	{
    	$prefix = (PHP_SHLIB_SUFFIX == 'dll') ? 'php_' : '';
    	dl($prefix . 'mcrypt.' . PHP_SHLIB_SUFFIX) or die('The Mcrypt module could not be loaded.');
    	}	
	$td = mcrypt_module_open($algorithm, '', $mode, '') ;	
    $random_seed = strstr(PHP_OS, "WIN") ? MCRYPT_RAND : MCRYPT_DEV_RANDOM;	
	$iv = ($iv === false) ? mcrypt_create_iv(mcrypt_enc_get_iv_size($td), $random_seed) : substr($iv, 0, mcrypt_enc_get_iv_size($td));	
	$expected_key_size = mcrypt_enc_get_key_size($td);
	$key = substr(md5($key), 0, $expected_key_size);
	mcrypt_generic_init($td, $key, $iv);
	return base64_encode(mcrypt_generic($td, $plain_string));
	}

function ccd($encrypted_string)
	{
	$key = 'MyRandomStringThatWillAlwaysBeTheSame';
	$algorithm = "rijndael_128";
	$mode = "ecb";
	$iv = false;
    if(extension_loaded('mcrypt') === FALSE)
    	{
    	$prefix = (PHP_SHLIB_SUFFIX == 'dll') ? 'php_' : '';
    	dl($prefix . 'mcrypt.' . PHP_SHLIB_SUFFIX) or die('The Mcrypt module could not be loaded.');
    	}	
	$td = mcrypt_module_open($algorithm, '', $mode, '') ;	
    $random_seed = strstr(PHP_OS, "WIN") ? MCRYPT_RAND : MCRYPT_DEV_RANDOM;	
	$iv = ($iv === false) ? mcrypt_create_iv(mcrypt_enc_get_iv_size($td), $random_seed) : substr($iv, 0, mcrypt_enc_get_iv_size($td));	
	$expected_key_size = mcrypt_enc_get_key_size($td);
	$key = substr(md5($key), 0, $expected_key_size);
	mcrypt_generic_init($td, $key, $iv);
	return trim(mdecrypt_generic($td, base64_decode($encrypted_string)));
	}

Those functions are called through


<?php
$starttime = explode(' ', microtime());  

$starttime =  $starttime[1] + $starttime[0];  




include "lib/mencrypt.lib.php";

$cc = "1111222233334444";
echo $cc."<br>encrypted - ";
$e = cce($cc);


echo $e."<br>decrypted - ";
$x = ccd($e);
echo $x."<br>";

$mtime = explode(' ', microtime());  

$totaltime = $mtime[0] +  $mtime[1] - $starttime;  

printf('Page loaded in %.3f seconds.',  $totaltime); 

?>

Is there a better way to do this?

laserlight

At worst, the output I get from running on my local box is:

1111222233334444
encrypted - 01pYvAG+0iDfdIaXh6yFwQ==
decrypted - 1111222233334444
Page loaded in 0.002 seconds.

thekidscareya

laserlight wrote:
At worst, the output I get from running on my local box is:
1111222233334444
encrypted - 01pYvAG+0iDfdIaXh6yFwQ==
decrypted - 1111222233334444
Page loaded in 0.002 seconds.

What are the specs on the local box, particularly the CPU? Also, is it safe to assume that the server load is relatively low? The server I'm using is on a network with relatively high traffic with a decent amount of CPU usage (I'll get a number on Monday). I think it has a 600 mhz processor (Once again, I'll get exact numbers on Monday.)

laserlight

What are the specs on the local box, particularly the CPU? Also, is it safe to assume that the server load is relatively low? The server I'm using is on a network with relatively high traffic with a decent amount of CPU usage (I'll get a number on Monday). I think it has a 600 mhz processor (Once again, I'll get exact numbers on Monday.)

3 GHz dual core processor, 1 GB DDR2 SDRAM, zero load. I certainly would not use that as a gauge as to how fast the script should perform on a live box, but 30+ seconds for the same test is well over 10000 fold slower, and that seems rather unlikely unless your box is in dire need of upgrading.