So, for fun, (well, *MY* idea of fun) I implemented a dirt-simple CAPTCHA. The image is totally OCR-able, but anybody wants to work that hard at it can have at it. That's modular enough to (really) fix later anyway/ After lots of encryption/decryption with urlencoding, htmlentities, and base64_encoding, to keep all the data kosher over HTTP et al... I end up with a string with a bunch of NUL characters (ord($char) == 0) tacked on the end, but otherwise correctly decoded. I'm not really sure if it's base64 or the encryption itself that pads the string, and don't really care, to tell you the truth... Anyway, my question is, what is the morally correct function to use to remove these null characters from the end of my string? I'm guessing 'rtrim' would work, but is a NUL char really whitespace? I suppose I could do str_replace(), but if things go bad some day, I don't want to confuse myself by removing NUL characters in the middle of the messed up string. A second related question: Given that the string to be encrypted is a single word and thus very short, the PHP manual makes it quite clear that encrypt_mode of ECB is the right choice. YAY! What is not readily apparent, and what I can't figure out from my research is if any of the algorithms available is better suited to this usage. To be clear: I'm mcrypt_encrypt()ing the secret word into the URL and a hidden form element, along with the IV, ditto, and so both are available to the potentical malicious user. So if exposure of IV is an issue in any suggested answer, keep that in mind. The following options are available in my webhost's install: cast-128 gost rijndael-128 twofish arcfour cast-256 loki97 rijndael-192 saferplus wake blowfish-compat des rijndael-256 serpent xtea blowfish enigma rc2 tripledes We can safely eliminate any hypothetical "best" which is not in that list. -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
