Encrypting

Anon

I'm using PHP 4.1.1 - is there a way that I can store information encrypted into a database (similar to md5) but where I can decrypt it when I need to call it back to the screen?

Thanks!

archerk13

I don't know, but I just wanna say hi, and that I am an idiot

[deleted]

Good point, well made.

esromneb

I'm sorry, there is a a-hole sitting next to me that posted that last e-mail, by the way, do anything you want to that other e-mail, it's not mine. I think it's so full it won't recieve mail anyway. Sorry for the inconvienence Seth.
-ben

Anon

can someone just answer the question? That would help!

Thanks

[deleted]

Why would you bother storing encrypted your data in the database?

Surely if a hacker finds his way into your database, he's able to find the decryption password...

archerk13

I'm sure there is. Why don't you post the incription program, and it would be easier for people to help you

Anon

Is there an encrypt with a decrypt - I'm not worried about a hacker, I just don't want it out plain in the open.

Thanks

cheald

Check out the mcrypt library. You can use that to encrypt your data, or you can write your own. There are encryption algorithms all over the place - it shouldn't be too hard to find one and implement it in PHP.

I'm going to be doing that soon. When I have it complete, I'll post it on PHPBuilder.

Chris

Anon

What do you mean by plain/in the open? If a person wanted to read the database they would have to know a user name and password and (if you have it set only accepting localhost connections) would have to be physically on your system, or logged in to it. If you are talking about it being in the open when you pass the data from the server to the client or visa versa you want SSL (Apache or whatever your flavor). This will encryt your data going from you to the server. Vincent is right (as always) if you are worried about hackers, they will see you deencryption key if they did crack you.

whizkid

Hi,

here's a link: http://www.phpbuilder.com/forum/read.php3?num=2&id=172961&loc=0&thread=172961

firemouse2001

saloon12yrd

hi Seth,

vincent is right about the hacker thing.
If you want to store passwords I'd suggest to use md5 and comparing the hashes.
If you're talking about large amounts of date I'd recommend the code below. It's using the RC4 algorithm - note that this is not very good encryption today but it'll suit most uses. Again, it won't stop a hacker.
Last note: The code below is my modified version of the original script found here: http://sourceforge.net/projects/rc4crypt/
It speeds up encryption/decryption by somewhat of 13%. If you want to understand the code I'd recommend the original version. For further speedup I'd recommend gzipping/gunzipping the data prior to encryption/decryption, the functions are fast enough.

Here we go:
//--------------------
function rc4 ($pwd, $data) {
$key[] = "";
$box[] = "";
$temp_swap = "";
$pwd_length = strlen($pwd);
$cipher = "";
$j = 0;
$dl = strlen($data);

for ($i = 0; $i < 256; $i++) {
$key[$i] = ord($pwd[$i % $pwd_length]);
$box[$i] = $i;
}

for ($i = 0; $i < 256; $i++) {
$x = ($x + $box[$i] + $key[$i]) % 256;
$temp_swap = $box[$i];
$box[$i] = $box[$x];
$box[$x] = $temp_swap;
}

for ($i = 0; $i < $dl; $i++) {
$a = ($a + 1) % 256;
$j = ($j + $box[$a]) % 256;

$temp = $box[$a];
$box[$a] = $box[$j];

$box[$j] = $temp;

$k = $box[(($box[$a] + $box[$j]) % 256)];
$cipher .= chr(ord($data[$i]) ^ $k);

}

return $cipher;
}
//--------------------
It can be used for both encrytion and decryption.

Hope that helps,

Dominique