CruzIT
Monday April 15, 2024 - 9:39:49 PM

Registered Linux User #440901    


 
Login    Register
Login Required

PHP Encryption How To Information

This article is for working with different methods of encryption and php.
If you haven't already read the article about checking for php errors and warnings, do it now.

Part 1. Correct 256 Bit Encryption with mcrypt():

md5() and/or sha1() should not be used while forming a key for the mcrypt. This is because hex encoding uses a set of 16 characters [0-9 &a-f], which is equivalent to 4 bits.

Some usable code first. The code is pretty well commented. (See the comment lines that start with "//")
If you would like any further information, please use the Contact Page.

<?php
//variables for the salts
$itstoday=date('l jS \of F Y A');
$plusseven=date('l jS \of F Y A', strtotime('+7 days'));
//Just potential variable - Example would say let's meet five hours after message ws sent
$plusfivehrs=date('h:i A', strtotime('+5 hours'));
//variables for the keys
$key1 = "this is the first of the secret keys with today's date of " . $itstoday;
$key2 = "this is the second of the secret keys to be used with a week from now: " . $plusseven;
$input = "Let's meet at " . $plusfivehrs . " at the double secret place.";
//Next three lines should removed for production
echo '<strong>Pre-encryption:</strong><br />';
echo 'key1: "' . $key1.'"<br />';
echo 'key2:"' . $key2.'"<br />';
echo 'input:"' . $input.'"<br />';

$length = strlen($input);

// Open the cipher using rijndael 256bit
$td = mcrypt_module_open('rijndael-256', '', 'cbc', '');

// Create the IV and get the keysize length
$iv = mcrypt_create_iv(mcrypt_enc_get_iv_size($td), MCRYPT_RAND);
$ks = mcrypt_enc_get_key_size($td);

// Create the key using variables above
$key1 = md5($key1);
$key2 = md5($key2);

$key = substr($key1, 0, $ks/2) . substr(strtoupper($key2), (round(strlen($key2) / 2)), $ks/2);
$key = substr($key.$key1.$key2.strtoupper($key1),0,$ks);

// Intialize encryption
mcrypt_generic_init($td, $key, $iv);

// Encrypt the message or data from $input
$encrypted = mcrypt_generic($td, $input);

// Close encryption handler
mcrypt_generic_deinit($td);

// Initialize decryption module
mcrypt_generic_init($td, $key, $iv);

// Decrypt the encrypted string
$decrypted = mdecrypt_generic($td, $encrypted);

// Close decryption handle and module
mcrypt_generic_deinit($td);
mcrypt_module_close($td);

// Show string
echo '<strong>Post-encryption:</strong><br />';
echo 'Text: '. substr($decrypted,0,$length) . '<br />';
echo 'Encoded: ' . $encrypted . '<br />';
echo '<br />key1: ' . $key1 . '<br />key2: ' . $key2 . '<br />created key: ' . $key;
?>

Output would look something like:

Pre-encryption:
key1: "the first of the secret keys with today's date of Saturday 7th of September 2013 PM"
key2:"this is the second of the secret keys to be used with a week from now: Saturday 14th of September 2013 PM"
input:"Let's meet at 05:13 PM at the double secret place"
Post-encryption:
Text: Let's meet at 05:55 PM at the double secret place. Wear a yellow hat and a blue shirt.
Encoded:��&���ޠ\e0��lN�j�yh �&0L�3/v�������*2������\�&����aM�5YK��E��

key1: d25570c25b3a4ad6ec758fd9aaca78eb
key2: 9bde5e0402f0b569160031d1ba76040b
created key: d25570c25b3a4ad6160031D1BA76040B

Please note: The output of the Encoded stream will not be valid XHTML. It is not intended to be human readable!
The above example output was modified to show valid SGML so it wouldn't break the validation of the web page.

Part 2. Using different hash functions with hash() - Coming Soon!

If you would like some information on how to do something use the Contact Page. Someone will get back with you with an answer.

“Microsoft - Just Say No - It's a gateway drug”

Page generated in zero point one four (0.14) seconds.

@ Active Member Project Honeypot  email addresses

This page was last modified on 09/1/18 @ 10:33:50:pm
This file name: info_php_encryption.php

Questions, Comments, Suggestions or Requests should be sent to:  ronnie@cruzit.com 

There have been  10675  Unique Visitors (IP Addresses) to this site.

Current users online : 23
Maximum users at a time : 60
Last 25 attacks have come from:
85.120.244.156
15.168.15.153
185.196.11.45
191.101.3.32
167.71.225.43
34.143.140.159
34.124.211.247
82.223.128.176
45.125.239.179
167.235.6.168
212.8.253.179
159.223.4.223
178.208.169.231
105.113.104.40
185.126.202.247
194.163.144.86
143.198.223.8
107.180.109.11
157.245.196.160
47.128.52.66
51.68.230.136
128.90.136.145
128.90.43.138
159.89.91.227
207.180.248.15

There are currently 25 unique IP addresses blacklisted.

Public cruzit.com Server Status
server offline dbc001  db cluster service
 Aw Crap!, It's Off-Line
server offline www03  web service
 Aw Crap!, It's Off-Line
server online www  web service
 Is On-Line
server offline mx 08  mail service
 Aw Crap!, It's Off-Line
server offline www ha  F/O web service
 Aw Crap!, It's Off-Line
server offline mx 11  mail service
 Aw Crap!, It's Off-Line
server online Primary  Client DNS
 Is On-Line
server online Secondary  Client DNS
 Is On-Line

©Copyright 2004-2024 - cruzit.com - Redd Enterprises™, Inc.,  All Rights Reserved.
Ubuntu® is a registered trademark of Canonical Ltd.
Linux® is a registered trademark of Linus Torvalds.
Apache® is a registered trademark of The Apache Software Foundation.
PHP® is a registered trademark of The PHP Group.
The MariaDB® a registered trademark of the MariaDB Corporation Ab.
MySQL® is a registered trademark of the Oracle Corporation Inc.
All other product and service names mentioned are the trademarks of their respective companies.

 

pretrial
pretrial
pretrial
pretrial
Let us know what you think! finance@homelandcomputersecurity.com