Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 7 of 7
  1. #1
    Regular Coder tylerjca's Avatar
    Join Date
    Dec 2002
    Location
    Canada
    Posts
    161
    Thanks
    1
    Thanked 0 Times in 0 Posts

    make my own encrypt/decrypt funtion

    Hello all. I have searched and all I have found is ppl saying that md5(), sha1() and others are only 1-way hashes. I have come to terms with the fact that there is obviously no easy way of encrypting AND decrypting a variable.

    Now my question is, can anyone point me in the right direction on how to get my own encrypt/decrypt function created? I don't want someone to do it all for me, I just want maybe a base to go by, or even a reference to a site that might show me how to do it. I'm sure it's possible to do.... I hope

    The reason I NEED this function is so that I can allow ppl to enter their Secret Question (not encrypted) and their Secret Answer (encrypted) so that the server will send them a new password if the information matches. I want to encrypt the answer so that my visitors will have trust in me (and anyone else who has access) to not be looking at their answers.

    Thanks in advance!

  • #2
    Regular Coder
    Join Date
    May 2006
    Location
    Wales
    Posts
    820
    Thanks
    1
    Thanked 82 Times in 79 Posts
    you could do something like:
    PHP Code:

    $answer 
    'answer';
    $search = array('a''b''c'... etc );
    $replace = array('fjf9''asdk''fjsd');
    $answer str_replace($search$replace$answer); 
    and the other way round to decrypt.

    Or you could use md5 and do something like:

    PHP Code:

    $answer 
    md5('answer');
    $real_answer md5('answer');

    if (
    $answer == $real_answer){
      
    //do your mail thingy


  • #3
    Regular Coder tylerjca's Avatar
    Join Date
    Dec 2002
    Location
    Canada
    Posts
    161
    Thanks
    1
    Thanked 0 Times in 0 Posts
    wow, i just realized that a few months ago I tried something like that but i was using preg_replace() instead of str_replace()... it worked but only a little bit. But i'm going to try your method and see how it works.

    Thanks

  • #4
    Regular Coder tylerjca's Avatar
    Join Date
    Dec 2002
    Location
    Canada
    Posts
    161
    Thanks
    1
    Thanked 0 Times in 0 Posts
    okay here's what I got:
    Code:
    <?php
    $text = "abcdefghijklmnopqrstuvwxyz";
    $search = array('a','b','c','d','e','f','g','h','i','j','k','l','m','n','o','p','q','r','s','t','u','v','w','x','y','z');
    $replace = array('z','y','x','w','v','u','t','s','r','q','p','o','n','m','l','k','j','i','h','g','f','e','d','c','b','a');
    $text = str_replace($search,$replace,$text);
    
    echo "Encoded: " . $text;
    echo "<br>";
    $text = str_replace($replace,$search,$text);
    echo "Decoded: " . $text;
    ?>
    The problem is that it doesn't return what I had thought it would.. it's as if it's making up it's own mind as to what it's going to "encrypt"

    here's what it returns:
    Code:
    Encoded: abcdefghijklmmlkjihgfedcba
    Decoded: zyxwvutsrqponnopqrstuvwxyz

  • #5
    Senior Coder
    Join Date
    Sep 2005
    Posts
    1,791
    Thanks
    5
    Thanked 36 Times in 35 Posts
    I have come to terms with the fact that there is obviously no easy way of encrypting AND decrypting a variable.
    Now it will depend on your definition of 'easy', but PHP has the mcrypt extension, that makes encryption/decryption trivial...

    http://php.net/mcrypt

  • #6
    Regular Coder
    Join Date
    Sep 2005
    Posts
    394
    Thanks
    1
    Thanked 0 Times in 0 Posts
    The method you used there is pointless. There is no point in encrypting something that poorly as it just wastes cpu time. All it would take someone to do is encrypt abcde...etc. and they would have your data.

    GJay had a much better suggestion of using mcrypt. This allows you to encrypt and decrypt data in many ways. The best way of doing this would be to spawn encryption using a key unique to each item of data. There are many things to think about with encryption, but don't waste valuable brain power on your initial replacing method.

    ~Phil~

  • #7
    Regular Coder ralph l mayo's Avatar
    Join Date
    Nov 2005
    Posts
    951
    Thanks
    1
    Thanked 31 Times in 29 Posts
    Quote Originally Posted by tylerjca
    The reason I NEED this function is so that I can allow ppl to enter their Secret Question (not encrypted) and their Secret Answer (encrypted) so that the server will send them a new password if the information matches. I want to encrypt the answer so that my visitors will have trust in me (and anyone else who has access) to not be looking at their answers.
    This is actually exactly what one way (hash) encoding is meant for. Store their answer as sha1($answer), and when they want to retrieve it see if sha1($newanswer) matches the previous hash. Add strtolower() and trim() to allow for minor variance, maybe, but that's pretty much the hash function's whole raison.

    If you use a client-side hash in javascript you can handle authentication without the server ever even having an opportunity to see the plaintext of passwords and the like.


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •