I want to make a personal algorithm for hashing texts in PHP. The letter 'a' crypt in 'xyz', 'b' in '256' and some more. How it's possible this?
It's possible by simple create a function that make characters substitution, like this:
function myEncrypt ($text)
{
$text = str_replace(array('a', 'b'), array('xby', '256'), $text);
// ... others
return $text;
}
version with two arrays "search" and "replaceWith" passed as arguments:
function myEncrypt ($text, $search=array(), $replaceWith=array())
{
return str_replace($search, $replaceWith, $text);
}
WARNING: That way isn't a correct solution to encrypt a text, there are a lot of better ways to do a secure encryption with PHP (see for example this post).
I'm bored at work so I thought i'd give this a crack.
This isn't secure at all. The crypt must be hard coded and the crypted character must have a size of 3.
<?php
//define our character->crypted text
$cryptArray = array( "a"=>"xyz","b"=>"256");
//This is our input
$string = "aab";
//Function to crypt the string
function cryptit($string,$cryptArray){
//create a temp string
$temp = "";
//pull the length of the input
$length = strlen($string);
//loop thru the characters of the input
for($i=0; $i<$length; $i++){
//match our key inside the crypt array and store the contents in the temp array, this builds the crypted output
$temp .= $cryptArray[$string[$i]];
}
//returns the string
return $temp;
}
//function to decrypt
function decryptit($string,$cryptArray){
$temp = "";
$length = strlen($string);
//Swap the keys with data
$cryptArray = array_flip($cryptArray);
//since our character->crypt is count of 3 we must $i+3 to get the next set to decrypt
for($i =0; $i<$length; $i = $i+3){
//read from the key
$temp .= $cryptArray[$string[$i].$string[$i+1].$string[$i+2]];
}
return $temp;
}
$crypted = cryptit($string,$cryptArray);
echo $crypted;
$decrypted = decryptit($crypted,$cryptArray);
echo $decrypted;
The input was : aab
The output is:
xyzxyz256
aab
Here's the 3v4l link:
https://3v4l.org/chR2A
Related
Please what could be wrong with my code? The code is meant to encrypt a given string. It does the encryption quite alright but when echoing the encrypted value, it adds numbers to the it. Here is the code:
$keys = "Bb94tU1LSSLgPKNu";
$encrypt = array();
// this contains the key/value pair i used for the encryption
$arrayEncrypt = array("a"=>"g","b"=>"h","c"=>"i","d"=>"j","e"=>"k","f"=>"l","g"=>"m","h"=>"n","i"=>"o","j"=>"p","k"=>"q","l"=>"r", "m"=>"s","n"=>"t","o"=>"u","p"=>"v","q"=>"w","r"=>"x","s"=>"y","t"=>"z","u"=>"a","v"=>"b","w"=>"c","x"=>"d","y"=>"e","z"=>"f","A"=>"G","B"=>"H","C"=>"I","D"=>"J","E"=>"K","F"=>"L","G"=>"M","H"=>"N","I"=>"O","J"=>"P","K"=>"Q","L"=>"R","M"=>"S","N"=>"T","O"=>"U","P"=>"V","Q"=>"W","R"=>"X","S"=>"Y","T"=>"Z","U"=>"A","V"=>"B","W"=>"C","X"=>"D","Y"=>"E","Z"=>"F","0"=>"2","1"=>"4","2"=>"6","3"=>"8","4"=>"0","5"=>"9","6"=>"7","7"=>"5","8"=>"3","9"=>"1");
for ($i = 0; $i < strlen($keys); $i++) {
if (array_key_exists($keys[$i], $arrayEncrypt)) {
foreach ($arrayEncrypt as $key => $letter) {
if ($keys[$i] == $key) {
// appends the values of each in $encrypt array
array_push($encrypt, $letter);
}
}
}
}
$encryptedValue = "";
foreach ($encrypt as $encrypted) {
$encryptedValue .= $encrypted;
echo $encryptedValue;
}
It prints:
H2h210z2A24R2Y2Y2R2m2V2Q2T2a2
Instead of:
Hh10zA4RYYRmVQTa
In any case, you were over complicating it trying to use the $i instead of just using the name to get the matching value. str_split() to get an array of characters then it's just a matter of $arrayEncrypt[$value]. To undo you can use array_flip().
Made you a nice function to encrypt and decrypt. Enjoy
<?php
// 1 to encrypt
// 2 to decrypt
function encdec($do, $keys){
$arrayEncrypt = array("a"=>"g","b"=>"h","c"=>"i","d"=>"j","e"=>"k","f"=>"l","g"=>"m","h"=>"n","i"=>"o","j"=>"p","k"=>"q","l"=>"r", "m"=>"s","n"=>"t","o"=>"u","p"=>"v","q"=>"w","r"=>"x","s"=>"y","t"=>"z","u"=>"a","v"=>"b","w"=>"c","x"=>"d","y"=>"e","z"=>"f","A"=>"G","B"=>"H","C"=>"I","D"=>"J","E"=>"K","F"=>"L","G"=>"M","H"=>"N","I"=>"O","J"=>"P","K"=>"Q","L"=>"R","M"=>"S","N"=>"T","O"=>"U","P"=>"V","Q"=>"W","R"=>"X","S"=>"Y","T"=>"Z","U"=>"A","V"=>"B","W"=>"C","X"=>"D","Y"=>"E","Z"=>"F","0"=>"2","1"=>"4","2"=>"6","3"=>"8","4"=>"0","5"=>"9","6"=>"7","7"=>"5","8"=>"3","9"=>"1");
if ($do==2){
$arrayEncrypt=array_flip($arrayEncrypt);
}
$chars = str_split($keys);
$encryptedValue="";
foreach($chars as $char=>$value){
$encryptedValue .= $arrayEncrypt[$value];
}
return $encryptedValue;
}
echo "Encrypted key: ".encdec(1,"Bb94tU1LSSLgPKNu")."<br />";
echo "Decrypted key: ".encdec(2,"Hh10zA4RYYRmVQTa")."<br />";
?>
Okay so I'm trying to make a system where I can call:
echo _stringClamp("string");
it pushes "string" & the random string(needs to be a new random string each refresh) to an array, and if I call it twice
echo _stringClamp("string");
echo _stringClamp("string");
it will echo the same value.
This is what I have so far.
<?php
function _stringClamp ($string){
$stringSave = $string;
$stringChars = "QWERTYUIOPASDFGHJKLZXCVBNM1234567890";
$strings = array();
$string = str_shuffle($string);
$string = "__" . $string;
$id = end($strings);
for ($i = 0; $i < 15; $i++) {
$string.= $stringChars[rand(0, strlen($stringChars) - 1)];
}
$strings[$stringSave] = $stringSave;
if (in_array($stringSave, $strings)) {
return $strings[$string];
}else{
$strings[$stringSave] = $string;
print_r($strings);
}
}
echo _stringClamp("IDs");
echo "<br>";
echo _stringClamp("IDs");
?>
In order to get what you are asking for you would probably need to have a random value generated before you call the function then use that random value as a second parameter such as:
<?php
$num = rand(0, 100000);
echo _stringClamp("string", $num);
echo _stringClamp("string", $num);
?>
This would provide a random number to use in your function but if you refresh the page the number will change. However if called twice on the same page it would have the same output value.... Right?
You could even use a randomly generated string instead of a number...
If i understand you correctly, you need to use hash-functions (guarantee same output for same input).
Just hash the current time.
$Seed = time();
$RandomString = md5($Seed);
If you don't want to string to be predictable (eg knowing when the script ran could let someone predict the string) then use a random number generator...
$Seed = rand();
$RandomString = md5($Seed);
As long as the variable is declared somewhere outside the function...
$RandomString = md5(time());
function _stringClamp($String) {
global $RandomString;
return $String . $RandomString;
}
You should get the same string every time
Using PHP, I'm trying to encode a number into another number that I can decode back to the original number. The encoded string needs to be only numbers and should not contain anything else.
Eg: 10 becomes 573563547892 or something like that.
How can I do something like this in PHP? I tried quite a few encrypt decrypt functions, but none output only numbers.
I looking for something to use in a URL that isn't easy to guess.
So: http://www.me.com/index.PHP?page=20 becomes http://www.me.com/index.PHP?page=5705254782562466
Why not using a mathematicat operation on the original number? like x becomes x * y + z. you would only have to make the reverse operation to get the original number. consider using large enough prime numbers for y and/or z
Quite heavy, but very good encryption, by using ord & chr a bit. While this works, consider other options: just being able to use strings rather then numbers already makes it a lot simpler (base64_encode etc.):
<?php
class Crypter {
private $key = '';
private $iv = '';
function __construct($key,$iv){
$this->key = $key;
$this->iv = $iv;
}
protected function getCipher(){
$cipher = mcrypt_module_open(MCRYPT_BLOWFISH,'','cbc','');
mcrypt_generic_init($cipher, $this->key, $this->iv);
return $cipher;
}
function encrypt($string){
$binary = mcrypt_generic($this->getCipher(),$string);
$string = '';
for($i = 0; $i < strlen($binary); $i++){
$string .= str_pad(ord($binary[$i]),3,'0',STR_PAD_LEFT);
}
return $string;
}
function decrypt($encrypted){
//check for missing leading 0's
$encrypted = str_pad($encrypted, ceil(strlen($encrypted) / 3) * 3,'0', STR_PAD_LEFT);
$binary = '';
$values = str_split($encrypted,3);
foreach($values as $chr){
$chr = ltrim($chr,'0');
$binary .= chr($chr);
}
return mdecrypt_generic($this->getCipher(),$binary);
}
}
$crypt = new Crypter('secret key','12348765');
$encrypted = $crypt->encrypt(1234);
echo $encrypted.PHP_EOL;
//fake missing leading 0
$encrypted = ltrim($encrypted,'0');
echo $encrypted.PHP_EOL;
$decrypted = $crypt->decrypt($encrypted);
echo $decrypted.PHP_EOL;
Result:
057044206104214236155088
57044206104214236155088
1234
I am trying to decode encrypted data in PHP, however the return value keeps coming back as null.
The data to be decrypted comes into the PHP file as a data argument.
$dataArg1 = $_REQUEST["data"];
// Retrieve $encryptedData from storage ...
//
// Load the private key and decrypt the encrypted data
$encryptedData = $dataArg1;
$privateKey = array ( array(123456,654321,123456), array(123456,1234),
array(1234567,4321)
);
openssl_private_decrypt($encryptedData, $sensitiveData, $privateKey);
The function above comes from the second response of another posting here on Stack Overflow:
How to encrypt data in javascript and decrypt in php?
I assume that the decrypted value is in the PHP variable, $sensitiveData.
When I echo that to the screen, I get nothing.
echo("sensitiveData=[$sensitiveData]<br />");
Thoughts?
UPDATE:
The return value from openssl_private_decrypt() is FALSE, and the return value is NULL.
UPDATE 2:
I created the public/private key from the following URL.
http://shop-js.sourceforge.net/crypto2.htm
At the bottom, there is the line:
And put the following in your private script (probably on your local hard disk -- not on the internet -- if your private key is found this whole thing is useless.)
<script>
function decrypt() {
// key = [ [d], [p], [q] ];
var key=[[123456789,123456789,123456789],[123456789,1234],[123456789,4321]];
document.form.text.value=rsaDecode(key, document.form.text.value);
}
</script>
(actual values changed)
I copied translated the "var key=" line to PHP (per my other posting). Translation above using embedded arrays. I then past that key to the decrypt function.
My thought is that the PHP documentation calls the private key "mixed". I am wondering if maybe I need a different format for the private key.
Here is the output:
dataArg1=[jmOdss9ktFc\"WO5eltUZXt0rpqS1NluNKa]
bResult=[]
sensitiveData=[]
var_dump=[NULL ]
$privateKey has to be in a certain format. You can't just throw in random data to it and magically expect it to know what to do with it.
Also, looking at the js you're using, it's not just doing RSA. It has a function named base64ToText. It's decoding the ciphertext with that, taking the first byte as the length of the "encrypted session key", getting the "encrypted session key", decrypting that with RSA and then using that as the key to RC4 to decrypt it. But there are a number of problems with that too. Among other things, base64ToText isn't the same thing as PHP's base64_encode as the name might imply.
Anyway I wasn't able to get it to working. Personally, I'd recommend something more like this (which is interoperable with PHP / phpseclib's Crypt_RSA):
http://area51.phpbb.com/phpBB/viewtopic.php?p=208860
That said, I did manage to figure a few things out. Your js lib uses base-28. To convert numbers from that format to one phpseclib uses you'll need to use this function:
function conv_base($num)
{
$result = pack('N', $num[count($num) - 1]);
for ($i = count($num) - 2; $i >= 0; --$i) {
_base256_lshift($result, 28);
$result = $result | str_pad(pack('N', $num[$i]), strlen($result), chr(0), STR_PAD_LEFT);
}
return $result;
}
function _base256_lshift(&$x, $shift)
{
if ($shift == 0) {
return;
}
$num_bytes = $shift >> 3; // eg. floor($shift/8)
$shift &= 7; // eg. $shift % 8
$carry = 0;
for ($i = strlen($x) - 1; $i >= 0; --$i) {
$temp = ord($x[$i]) << $shift | $carry;
$x[$i] = chr($temp);
$carry = $temp >> 8;
}
$carry = ($carry != 0) ? chr($carry) : '';
$x = $carry . $x . str_repeat(chr(0), $num_bytes);
}
Here's the script I used to confirm the correctness of that:
<?php
include('Math/BigInteger.php');
$p = array(242843315,241756122,189);
$q = array(177094647,33319298,129);
$n = array(45173685,178043534,243390137,201366668,24520);
$p = new Math_BigInteger(conv_base($p), 256);
$q = new Math_BigInteger(conv_base($q), 256);
$n = new Math_BigInteger(conv_base($n), 256);
$test = $p->multiply($q);
echo $test . "\r\n" . $n;
ie. they match.
I also ported your js's base64ToText to PHP:
function decode($t)
{
static $b64s = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_"';
$r = '';
$m = $a = 0;
for ($n = 0; $n < strlen($t); $n++) {
$c = strpos($b64s, $t[$n]);
if ($c >= 0) {
if ($m) {
$r.= chr(($c << (8-$m))&255 | $a);
}
$a = $c >> $m;
$m+=2;
if ($m == 8) {
$m = 0;
}
}
}
return $r;
}
Among other potential problems I may have encountered... who knows if their RC4 implementation is correct? Their base64 implementation isn't so it wouldn't be without precedent for the RC4 implementation to be broken too.
I need fast way for generating random strings a-Z0-9 in PHP. I've been doing some thinking and testing, this is what I've got so far:
function randStr($length) {
$result = null;
$replace = array('/', '+', '=');
while(!isset($result[$length-1])) {
$result.= str_replace($replace, NULL, base64_encode(mcrypt_create_iv($length, MCRYPT_RAND)));
}
return substr($result, 0, $length);
}
Function seems to be working fast compared to functions which iterate and choose random ASCII value for each char, but I'm concerned with 'quality' of my implementation. I do not know much about cryptography, so I'd like to ask whether this kind of function creates 'good' random values or not.
mcrypt_create_iv seems to return some kind of random binary values, actually used for encrypting/decrypting data with mcrypt library. What is base64_encode effect on this kind of binary data, do I actually decrease entropy, when I base64_encode it?
How does second parameter for mcrypt_create_iv affect my results? php.net manual states that MCRYPT_RAND is 'system random number generator'. Is it OS specific and if so, how good values are created?
This supposed to be secure on most of the systems and fast:
bin2hex(openssl_random_pseudo_bytes($length / 2));
benchmarks (1000000 records, string length 100 chars)
rstr1: 198.93383002281
rstr2: 35.5827729702
rstr3: 6.8811790943146
rstr4: 5.4545040130615
this:: 3.9310231208801
For anyone looking for an updated version of the "best" algorithm:
function randomString($length) {
$result = null;
$replace = array('/', '+', '=');
while(!isset($result[$length-1])) {
$result.= str_replace($replace, NULL, base64_encode(random_bytes($length)));
}
return substr($result, 0, $length);
}
I use the term "best" because it is faster than the random string manipulations of rstr1 and rstr2 and in comparison to the other solutions offers a full spectrum of letters (lower- and uppercased).
From my tests, your function is already very fast, but i managed to get to a faster one, even if it decreases the entropy
fcn time
rstr1: 1.074s (slowest)
rstr2: 0.917s
rstr3: 0.028s (yours)
rstr4: 0.022s (mine)
In my scenario, i needed 1k strings, as fast as possible.
function rstr1($length)
{
// #see http://stackoverflow.com/a/853846/11301
$alphabet='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
return substr(str_shuffle(str_repeat($alphabet, $length)), 0, $length);
}
function rstr2($length)
{
// #see http://stackoverflow.com/a/853870/11301
$alphabet='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
$str = '';
$count = strlen($alphabet);
while ($length--) {
$str .= $alphabet[mt_rand(0, $count-1)];
}
return $str;
}
function rstr3($length) {
// #see http://stackoverflow.com/q/4757392/11301
$result = null;
$replace = array('/', '+', '=');
while(!isset($result[$length-1])) {
$result.= str_replace($replace, NULL, base64_encode(mcrypt_create_iv($length, MCRYPT_RAND)));
}
return substr($result, 0, $length);
}
function rstr4($length)
{
// uses md5 & mt_rand. Not as "random" as it could be, but it works, and its fastest from my tests
return str_shuffle(substr(str_repeat(md5(mt_rand()), 2+$length/32), 0, $length));
}
// test the functions
for($i=0; $i<1000; $i++){
#$x = rstr1(1024); #
#$x = rstr2(1024); # 0.917s
#$x = rstr3(1024); # 0.028s
#$x = rstr4(1024); # 0.022s
#dlog($x); return;
}
base64_encoding won't decrease entropy, it is just a different representation of the same data.
It is OS specific, but I think the random values created are good enough with this function. Under PHP 5.3 you have to seed the generator beforehand, it can be a problem if you use this code on different servers.
I usually work with this one.
Also I can choose if I don't want certain characters
function rstr5($length = 1) {
return substr(str_shuffle(str_repeat("0123456789abcdefghijklmnopqrstuvwxyz", $length)), 0, $length);
}
This is how I'm doing it, though it's not exactly cryptographic; The Mersenne Twister is fast and reliable, but not the most secure.
function str_rand($chars, $len)
{
$str = '';
for ($max = strlen($chars) - 1, $i = 0; $i < $len; ++$i)
{
$str .= $chars[mt_rand(0, $max)];
}
return $str;
}
$strRand = str_rand('0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ', 40);