Scrambled eggs or scrambled strings?

Jon12345

I want to scramble a variable in a url that I redirect someone to.

E.g. header("Location:http://mysite.com/index.php?var=sometext");

sometext should be scrambled to something else e.g. ghdketrs. Then I have a routine to unscramble when looking at my reports.

What is the simplest way of doing this?

Thanks,

Jon

rsmith

If you are sending the data through a form, you could use the POST method so that the information isn't displayed in the browser. or you could try urlencode()

laserlight

Well, why are you scrambling the variable?

jkurrle

Data encryption can be done a number of different ways. One way is to use a "dictionary" of substitute symbols(letters, numbers, characters) for existing characters. Dictionaries can be static, or randomly generated. If it is a randomly generated dictionary, the dictionary must be embedded into the encrypted string somehow, thereby increasing the length of the string being sent.

Another technique is "shuffling" the string into a jumble that gets "unshuffled" later on. You can split strings into parts, reverse some of the parts, then reshuffle the string together in a nonstandard fashion.

You can get a relatively good encryption by using either technique, or by combining the techniques together.

There's more you can do, but it sounds like you are looking for a simple encryption, so this should give you some ideas.

laserlight

You can get a relatively good encryption by using either technique, or by combining the techniques together.

Or more likely, you could end up with snake oil encryption.

It is good to know why this scrambling idea came about in the first place. Chances are encryption going in the wrong direction to begin with.

jkurrle

I would agree that it helps knowing why scrambling would be important. It looks as if Jon is sending some sort of data out in the open he wants to keep private. I would look at some sort of POST mechanism instead of GET or some other internal transfer mechanism, before looking at encryption.

Still, I do occasionally write encryption/decryption algorithms, depending on the need. If I am storing any personal data for a customer, I often encrypt the data before storing it in a database. That way, if the database gets hacked somehow, the user's data is still unusable to the hacker. I then store encryption/decryption libraries outside the web root, along with database login credentials.