CruzIT
Monday January 21, 2019 - 16:18:52 PM

Registered Linux User #440901    


 
Login    Register
Login Required

PHP Encryption How To Information

This article is for working with different methods of encryption and php.
If you haven't already read the article about checking for php errors and warnings, do it now.

Part 1. Correct 256 Bit Encryption with mcrypt():

md5() and/or sha1() should not be used while forming a key for the mcrypt. This is because hex encoding uses a set of 16 characters [0-9 &a-f], which is equivalent to 4 bits.

Some usable code first. The code is pretty well commented. (See the comment lines that start with "//")
If you would like any further information, please use the Contact Page.

<?php
//variables for the salts
$itstoday=date('l jS \of F Y A');
$plusseven=date('l jS \of F Y A', strtotime('+7 days'));
//Just potential variable - Example would say let's meet five hours after message ws sent
$plusfivehrs=date('h:i A', strtotime('+5 hours'));
//variables for the keys
$key1 = "this is the first of the secret keys with today's date of " . $itstoday;
$key2 = "this is the second of the secret keys to be used with a week from now: " . $plusseven;
$input = "Let's meet at " . $plusfivehrs . " at the double secret place.";
//Next three lines should removed for production
echo '<strong>Pre-encryption:</strong><br />';
echo 'key1: "' . $key1.'"<br />';
echo 'key2:"' . $key2.'"<br />';
echo 'input:"' . $input.'"<br />';

$length = strlen($input);

// Open the cipher using rijndael 256bit
$td = mcrypt_module_open('rijndael-256', '', 'cbc', '');

// Create the IV and get the keysize length
$iv = mcrypt_create_iv(mcrypt_enc_get_iv_size($td), MCRYPT_RAND);
$ks = mcrypt_enc_get_key_size($td);

// Create the key using variables above
$key1 = md5($key1);
$key2 = md5($key2);

$key = substr($key1, 0, $ks/2) . substr(strtoupper($key2), (round(strlen($key2) / 2)), $ks/2);
$key = substr($key.$key1.$key2.strtoupper($key1),0,$ks);

// Intialize encryption
mcrypt_generic_init($td, $key, $iv);

// Encrypt the message or data from $input
$encrypted = mcrypt_generic($td, $input);

// Close encryption handler
mcrypt_generic_deinit($td);

// Initialize decryption module
mcrypt_generic_init($td, $key, $iv);

// Decrypt the encrypted string
$decrypted = mdecrypt_generic($td, $encrypted);

// Close decryption handle and module
mcrypt_generic_deinit($td);
mcrypt_module_close($td);

// Show string
echo '<strong>Post-encryption:</strong><br />';
echo 'Text: '. substr($decrypted,0,$length) . '<br />';
echo 'Encoded: ' . $encrypted . '<br />';
echo '<br />key1: ' . $key1 . '<br />key2: ' . $key2 . '<br />created key: ' . $key;
?>

Output would look something like:

Pre-encryption:
key1: "the first of the secret keys with today's date of Saturday 7th of September 2013 PM"
key2:"this is the second of the secret keys to be used with a week from now: Saturday 14th of September 2013 PM"
input:"Let's meet at 05:13 PM at the double secret place"
Post-encryption:
Text: Let's meet at 05:55 PM at the double secret place. Wear a yellow hat and a blue shirt.
Encoded:��&���ޠ\e0��lN�j�yh �&0L�3/v�������*2������\�&����aM�5YK��E��

key1: d25570c25b3a4ad6ec758fd9aaca78eb
key2: 9bde5e0402f0b569160031d1ba76040b
created key: d25570c25b3a4ad6160031D1BA76040B

Please note: The output of the Encoded stream will not be valid XHTML. It is not intended to be human readable!
The above example output was modified to show valid SGML so it wouldn't break the validation of the web page.

Part 2. Using different hash functions with hash() - Coming Soon!

If you would like some information on how to do something use the Contact Page. Someone will get back with you with an answer.

“Microsoft - Just Say No - It's a gateway drug”

Page generated in zero point one four (0.14) seconds.

@ Active Member Project Honeypot  email addresses

This page was last modified on 09/1/18 @ 10:33:50:pm
This file name: info_php_encryption.php

Questions, Comments, Suggestions or Requests should be sent to:  ronnie@cruzit.com 

There have been  8026  Unique Visitors (IP Addresses) to this site.

Current users online : 17
Maximum users at a time : 50
Last 25 attacks have come from:
188.209.49.164
77.75.79.62
23.228.96.82
108.172.246.109
134.249.54.230
77.75.77.17
46.229.168.149
46.229.168.132
157.55.39.104
40.77.167.6
46.119.115.106
77.75.77.11
157.55.39.52
37.187.95.218
91.210.145.247
77.75.78.162
94.158.245.114
77.75.76.162
34.217.84.79
185.225.17.191
185.220.101.44
103.243.25.104
46.119.121.84
77.75.78.163
46.229.168.138

There are currently 25 unique IP addresses blacklisted.

Public cruzit.com Server Status
server offline limelight  web service
 Aw Crap!, It's Off-Line
server offline limelight  mail service
 Aw Crap!, It's Off-Line
server online www  web service
 Is On-Line
server online mx 08  mail service
 Is On-Line
server online www01  F/O web service
 Is On-Line
server online mx 09  mail service
 Is On-Line
server online tertiary  DNS service
 Is On-Line
server online mx 10  mail service
 Is On-Line

©Copyright 2004-2019 - cruzit.com - Redd Enterprises™, Inc.,  All Rights Reserved.
Ubuntu® is a registered trademark of Canonical Ltd.
Linux® is a registered trademark of Linus Torvalds.
Apache® is a registered trademark of The Apache Software Foundation.
PHP® is a registered trademark of The PHP Group.
MySQL® is a registered trademark of MySQL AB in the United States, the European Union and other countries.
All other product and service names mentioned are the trademarks of their respective companies.

 

pretrial
pretrial
pretrial
pretrial
Let us know what you think! finance@homelandcomputersecurity.com