...

Secure cookie encryption



StrangeCoder
11-27-2010, 06:43 PM
How to create some kind of very very fast (short script) new encryption using PHP to encrypt cookies?
Any idea?

StrangeCoder
11-27-2010, 06:50 PM
For example, first, the cookie is being md5()
And I need to encrypt this md5 using my own little encryption.

DrDOS
11-27-2010, 07:02 PM
You can just add a 'key' at the beginning of what you want encrypted. Let's say your key is 'mystery_mile'.

$new_cookie_value = md5( 'mystery_mile'.$cookie_value);

Of course, it's not practical to decrypt an md5, you can only check against it. But your key will be unknown to the user so he can't check against it.

StrangeCoder
11-27-2010, 07:33 PM
Very nice idea.
Thank you a lot. Strange, I didn't guess it myself, I was gonna create my own encryption lol :D Stupid me.

I am gonna check them using substr_replace(). It will remove added secret keys at the beginning or at the end and will check if the md5 in the cookie is the same as the SQL entry.

Well, not md5, actually, because it sucks :D At least, sha1. ;-)

MattF
11-28-2010, 08:52 AM
There's no need to strip or replace anything. The whole point of having a secret key is to use that as part of the hashing string.



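function generate_hash($content, $algo = false)
{
    $hash_algos = hash_algos();
    // Secret key mixed into every hash; it never leaves the server.
    $salt = 'your_private_key';

    // Use the requested algorithm if this PHP build supports it.
    if ($algo && in_array($algo, $hash_algos))
    {
        return hash($algo, $salt.hash($algo, $content));
    }
    // Otherwise use sha256 when it is available.
    else if (in_array('sha256', $hash_algos))
    {
        return hash('sha256', $salt.hash('sha256', $content));
    }
    // Last resort: sha1.
    else
    {
        return sha1($salt.sha1($content));
    }
}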
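
Added example, not part of any post in this thread: the keyed-hash check DrDOS and MattF describe, written with PHP's built-in hash_hmac() and hash_equals() in place of the key-prefix md5/sha constructions posted above. COOKIE_KEY, sign_cookie(), verify_cookie(), the cookie layout and the sample values are all assumptions made for illustration.

```php
<?php
// Hypothetical server-side secret (placeholder); in practice a long random
// value kept out of the web root and out of version control.
const COOKIE_KEY = 'replace-with-long-random-server-side-secret';

// Cookie layout assumed here: base64(value) . "." . expiry . "." . hex HMAC
function sign_cookie(string $value, int $expires): string
{
    $payload = base64_encode($value) . '.' . $expires;
    return $payload . '.' . hash_hmac('sha256', $payload, COOKIE_KEY);
}

// Returns the original value, or null if the cookie is malformed,
// was modified, or has expired.
function verify_cookie(string $cookie, int $now): ?string
{
    $parts = explode('.', $cookie);
    if (count($parts) !== 3) {
        return null;
    }
    [$b64, $expires, $mac] = $parts;

    // Recompute the MAC over exactly the bytes that were signed and
    // compare in constant time; nothing is stripped or "decrypted".
    $expected = hash_hmac('sha256', $b64 . '.' . $expires, COOKIE_KEY);
    if (!hash_equals($expected, $mac)) {
        return null;
    }
    // The expiry is covered by the MAC, so it can be trusted once the MAC matches.
    if (!ctype_digit($expires) || (int) $expires < $now) {
        return null;
    }
    $value = base64_decode($b64, true);
    return $value === false ? null : $value;
}

// Constructed sample data.
$now    = 1293650000;
$cookie = sign_cookie('user=42', $now + 3600);

// Same cookie with the value part swapped and the old MAC kept.
$modified = base64_encode('user=1') . substr($cookie, strpos($cookie, '.'));

var_dump(verify_cookie($cookie, $now));          // untouched cookie
var_dump(verify_cookie($modified, $now));        // value changed after signing
var_dump(verify_cookie($cookie, $now + 7200));   // checked after its expiry
```

The value itself is only base64-encoded here, so it is readable by the user; the HMAC protects it against modification, not against disclosure.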

StrangeCoder
12-29-2010, 08:40 PM
Sorry, hadn't enough time recently,
today I've coded cookies following DrDOS's tip and here is an example:

http://goo.gl/vt2ul

Note: this is a temporary Apache server on my machine, the site is not ready yet and is not registered anywhere yet.

Is it secure enough?

StrangeCoder
12-29-2010, 08:50 PM
EG

Session=MGYxNWFhMDFiNTdjMGI0NWJiNDU5ZWEwYWI2Yzc2MzkyNzFkOGEwOQ%3D%3D; Login=RHVkZTMyMQ%3D%3D


