...

View Full Version : make my own encrypt/decrypt funtion



tylerjca
06-11-2006, 04:31 PM
Hello all. I have searched and all I have found is ppl saying that md5(), sha1() and others are only 1-way hashes. I have come to terms with the fact that there is obviously no easy way of encrypting AND decrypting a variable.

Now my question is, can anyone point me in the right direction on how to get my own encrypt/decrypt function created? I don't want someone to do it all for me, I just want maybe a base to go by, or even a reference to a site that might show me how to do it. I'm sure it's possible to do.... I hope:rolleyes:

The reason I NEED this function is so that I can allow ppl to enter their Secret Question (not encrypted) and their Secret Answer (encrypted) so that the server will send them a new password if the information matches. I want to encrypt the answer so that my visitors will have trust in me (and anyone else who has access) to not be looking at their answers.

Thanks in advance!

Mwnciau
06-11-2006, 04:37 PM
you could do something like:



$answer = 'answer';
$search = array('a', 'b', 'c'... etc );
$replace = array('fjf9', 'asdk', 'fjsd');
$answer = str_replace($search, $replace, $answer);



and the other way round to decrypt.

Or you could use md5 and do something like:




$answer = md5('answer');
$real_answer = md5('answer');

if ($answer == $real_answer){
//do your mail thingy
}

tylerjca
06-11-2006, 04:42 PM
wow, i just realized that a few months ago I tried something like that but i was using preg_replace() instead of str_replace()... it worked but only a little bit. But i'm going to try your method and see how it works.

Thanks

tylerjca
06-11-2006, 05:19 PM
okay here's what I got:


<?php
$text = "abcdefghijklmnopqrstuvwxyz";
$search = array('a','b','c','d','e','f','g','h','i','j','k','l','m','n','o','p','q','r','s','t','u','v','w','x ','y','z');
$replace = array('z','y','x','w','v','u','t','s','r','q','p','o','n','m','l','k','j','i','h','g','f','e','d','c ','b','a');
$text = str_replace($search,$replace,$text);

echo "Encoded: " . $text;
echo "<br>";
$text = str_replace($replace,$search,$text);
echo "Decoded: " . $text;
?>


The problem is that it doesn't return what I had thought it would.. it's as if it's making up it's own mind as to what it's going to "encrypt"

here's what it returns:


Encoded: abcdefghijklmmlkjihgfedcba
Decoded: zyxwvutsrqponnopqrstuvwxyz

GJay
06-11-2006, 07:16 PM
I have come to terms with the fact that there is obviously no easy way of encrypting AND decrypting a variable.

Now it will depend on your definition of 'easy', but PHP has the mcrypt extension, that makes encryption/decryption trivial...

http://php.net/mcrypt

lavinpj1
06-11-2006, 07:36 PM
The method you used there is pointless. There is no point in encrypting something that poorly as it just wastes cpu time. All it would take someone to do is encrypt abcde...etc. and they would have your data.

GJay had a much better suggestion of using mcrypt. This allows you to encrypt and decrypt data in many ways. The best way of doing this would be to spawn encryption using a key unique to each item of data. There are many things to think about with encryption, but don't waste valuable brain power on your initial replacing method.

~Phil~

ralph l mayo
06-12-2006, 10:09 AM
The reason I NEED this function is so that I can allow ppl to enter their Secret Question (not encrypted) and their Secret Answer (encrypted) so that the server will send them a new password if the information matches. I want to encrypt the answer so that my visitors will have trust in me (and anyone else who has access) to not be looking at their answers.

This is actually exactly what one way (hash) encoding is meant for. Store their answer as sha1($answer), and when they want to retrieve it see if sha1($newanswer) matches the previous hash. Add strtolower() and trim() to allow for minor variance, maybe, but that's pretty much the hash function's whole raison.

If you use a client-side hash in javascript you can handle authentication without the server ever even having an opportunity to see the plaintext of passwords and the like.



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum