当前位置: 动力学知识库 > 问答 > 编程问答 >

PHP self encoding algorithm

问题描述:

I've been using base64 encoding for a while & it isn't secure because some decoders can easily identify it.

So is it a good idea to develop my own mechanism to protect data or make my encryption algorithm, if yes then how does self made encryption code look like?

网友答案:

No, it is not a good idea to develop your own mechanism to protect data or make your own encryption algorithm.

You have to leave that to the experts. That is also the reason why we see you asking that question here. Listen to your inner voice, trust yourself to not trust yourself in this case.

(I don't want to say that you can not do whatever pleases you and I don't want to stop your from learning, just for the practical guideline in production environments, encryption, especially developing your own algorithm, is not only a high-art in it's own, it's also always the question how to ensure to not do any silly mistakes that can happen so often.)

网友答案:

Now that you've clarified you want to encrypt data in cookies, the first question to be asked is why? Is this data that could be kept in a session variable instead?

About the only thing I can think of that makes sense would be if you were storing a remember me password or some other sensitive credential that you wanted to be entirely sure could not be read out of the cookie. If your concern is security in transport (someone could sniff the data from the network) then you should be using HTTPS.

With that said, php has mcrypt which is a wrapper around many different types of proven ciphers. With these, a general rule of thumb is that the more bits you use the better, and you want to employ CBC mode and avoid ECB.

Start by reading about the mcrypt-encrypt function, and mcrypt-decrypt to decrypt the value.

网友答案:

Anybody could build an Encoder in php there are several types chipers are the most simple to understand however they are easy to break and would not be recommended to be used saying that if you just trying to protect something from a simple user or you wish to learn how to build some security in that it makes it a little harder to identify you could look into cypers or modulating cypers for a bit of security.

Just recently i was talking to someone who wanted to understand the basic's so i built one based on binary value manipulation,

DO NOT USE THIS FOR ANYTHING MORE THAN PLAYING OR LEARNING A LITTLE

class binChar{
    function __construct(){
        $this->pats = array('0', '1', '00', '11', '000', '111', '0000', '1111', '00000', '11111');
    }

    function encrypt($str){
        $str = str_replace(array("\r", "\n", "\t", " "), array('\r', '\n', '\t', '\s'), $str);
        $strN = str_split($str);
        $bin = "";
        foreach($strN as $char){
            $charC = decbin(ord($char));
            $count = count((string)$charC);
            while($count < 8){
                $chars = "0".$charC;
                $count++;
            }
            $bin .= $chars;
        }
        echo "Given \r\n ".$str." \r\n Binary\r\n".$bin."\r\n";
        foreach($this->pats as $key => $pat){
            $bin = str_replace($pat, $key, $bin);
        }
        return $bin;
    }

    function decrypt($bin){
        foreach($this->pats as $key => $pat){
            $bin = str_replace($key, $pat, $bin);
        }
        $str = "";
        $chars = str_split($bin, 8);
        foreach($chars as $char){
            $str .= chr(bindec($char));
        }
        $str = str_replace(array('\r', '\n', '\t', '\s'), array("\r", "\n", "\t", " "), $str);
        return $str;
    }
}

$enc = new binChar();
$test = $enc->encrypt("Hello World");
echo "Encrypted\r\n".$test;
echo "\r\nDecrypted\r\n".$enc->decrypt($test);

I Repeat i would never recommend you used this for anything other than playing with and testing / learning how it works it's just a basic example of some obfuscation.

And i know using AES in php is not easy to understand and it's not a simple function call however using it your data will be secured far better.

分享给朋友:
您可能感兴趣的文章:
随机阅读: