On Wed, 12 Jan 2005 10:13:08 -0000, Shaun <shaunthornburgh@xxxxxxxxxxx> wrote:
I have site that allows users to upload private information to our server. We would like to encrypt the data for security reasons and only allow certain users to be able to un-encrypt the data and view it. I have looked at the PHP encryption functions and they appear to be one way algorithms - I am guessing this is the whole point of encrption ;)
Does anyone have any suggestions regarding this?
I'm no expert on crypto (and never will be either! designing good crypto is something best left to the very very very very best in terms of computer science) but I think that the following function represents very weak crypto - which may very suffice, but one thing that could make the whole lots fall apart is the fact that the key is kept in the function itself - imagine the server has auto source-highlighting for php files (when you add an 's' to a filename), if so anyone can readout your key!
that was not meant as a 'dis', I just wanted to point out that crypto is very hard to get right.
oh and Greg, you may just have told the world the key that you are actually using!
function encrypt( $string ) { $key = '&g1@8477Fg9*'; $result = ''; for( $i = 1; $i <= strlen( $string ); $i++ ) { $char = substr( $string, $i - 1, 1 );
$keychar = substr( $key, ( $i % strlen( $key ) ) - 1, 1 );
$char = chr( ord( $char ) + ord( $keychar ) );
$result .= $char; } return $result; }
function decrypt( $string ) { $key = '&g1@8477Fg9*'; $result = ''; for( $i = 1; $i <= strlen( $string ); $i++ ) { $char = substr( $string, $i - 1, 1 );
$keychar = substr( $key, ( $i % strlen( $key ) ) - 1, 1 );
$char = chr( ord( $char ) - ord( $keychar ) );
$result .= $char; } return $result; }
-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
