I don't know a whole lot about encryption, but this is something I wrote for a project I was working on. I'd be interested to hear how it could be improved and/or its strengths and weaknesses. Obviously any encryption scheme that is this short presents a time problem, it being very quick as compared to other algorithms. However, my goal with this one was simplicity and some level of security.
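function x($str, $key){
    // Repeat the key often enough to cover the whole input. ceil() is needed here:
    // PHP's string XOR stops at the shorter operand, so rounding down truncates the output.
    $num = (int) ceil(strlen($str)/strlen($key));
    $key_tmp = str_repeat($key, ($num >= 1 ? $num : 1));
    // Byte-wise XOR of the input with the repeated key; calling x() again with the same key decrypts.
    $encrypted = $str ^ $key_tmp;
    return $encrypted;
}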




February 12th, 2008 at 5:48 am
what did you need it for?
I was thinking of doing something like this a few days ago but got distracted.
February 12th, 2008 at 6:14 pm
Just a way to add encrypted stuff at the bottom of a PHP file. Nothing special.
February 14th, 2008 at 10:38 am
XOR really shouldn't be used if you're expecting any level of security. While I agree it is fast, try encrypting some known text and examine, with a hex editor, the output. You'll find after trying this a few times that the output looks very much like one had used a substitution cipher on the plaintext, which is really all XOR behaves like. If a person is even mildly skilled at cryptanalysis they will know what the ciphertext is within seconds of looking at it and know how to derive a suitable means of decryption.
Let's say you use XOR to encrypt a byte of, say H, with 7, for example, the resulting binary would look like this:
7 = 00000110
H = 01001000
So, the final binary string would be: 01001110, which would be: N in ASCII. So, as I mentioned above, if you give this to someone that has done this stuff enough, they will know how it was done and be able to reverse it, within a reasonable amount of time. Heck, the NSA probably breaks this kinda thing over morning coffee.
Don't get me wrong. This is not to put you off of coding. Just responding to your request about potential weaknesses in the algorithm. While I'm not an NSA codebreaker, I have critiqued encryption algorithms years ago, and have even written a few myself; although in C/Assembly and not PHP. Feel free to email me if you'd like to correspond more.
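The weakness described in the comment above, as an added example that is not part of the original post or its comments: with a repeating key, XORing the ciphertext against a guessed plaintext prefix returns the key itself. The key, the payload and every helper name other than x() are constructed for illustration.

```php
<?php
// Added illustration, not code from the post or its comments.
// x() is the post's function, with ceil() so the repeated key covers the whole input.
function x($str, $key) {
    $num = (int) ceil(strlen($str) / strlen($key));
    return $str ^ str_repeat($key, max($num, 1));
}

// Known-plaintext check: XOR the ciphertext with a prefix the analyst can guess.
// What comes back is the keystream, i.e. the key repeated.
function keystream_from_known_prefix($ciphertext, $known_prefix) {
    return substr($ciphertext, 0, strlen($known_prefix)) ^ $known_prefix;
}

// Smallest period p such that the keystream repeats every p bytes.
// The known prefix must be at least as long as the key to expose all of it.
function shortest_period($keystream) {
    $n = strlen($keystream);
    for ($p = 1; $p < $n; $p++) {
        $repeats = true;
        for ($i = $p; $i < $n; $i++) {
            if ($keystream[$i] !== $keystream[$i - $p]) { $repeats = false; break; }
        }
        if ($repeats) return $p;
    }
    return $n;
}

// Constructed sample data (hypothetical key and payload).
$key       = 's3cr3t!';
$plaintext = "<?php /* config */ \$db_pass = 'constructed-sample-value';";
$cipher    = x($plaintext, $key);

// Data appended to a PHP file tends to start with predictable bytes;
// assume the analyst can guess the first 19 of them.
$known     = "<?php /* config */ ";
$stream    = keystream_from_known_prefix($cipher, $known);
$recovered = substr($stream, 0, shortest_period($stream));

// Compare the recovered key with the real one, then decrypt with it.
var_dump($recovered === $key);
var_dump(x($cipher, $recovered) === $plaintext);
```

If encrypted data really has to live inside a PHP file, an authenticated cipher from the standard library (for example sodium_crypto_secretbox with a random nonce per message) avoids this key reuse.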
February 14th, 2008 at 10:35 pm
Thanks for the comment, I appreciate the lesson. Like I said, I'm woefully ignorant when it comes to cryptography, so everything helps. This definitely won't put me off coding, but hopefully I won't make any more mistakes in this regard.
February 18th, 2008 at 10:43 am
If you want to write or understand existing encryption algorithms there is probably no better book than Bruce Schneier's 'Applied Cryptography: Protocols, Algorithms, and Source Code in C'.
http://books.google.co.uk/books?id=000CAAAACAAJ
February 20th, 2008 at 6:58 pm
Actually, mistakes are a Good Thing. That's how we all learn.
I can't even count the number of times I crashed/locked up my own box when learning to hook interrupts using x86 assembly language.
Here is a link to a site that may give you some idea on your next coding foray into PHP encryption.
http://www.seocompany.ca/software/free-encryption-software.html
April 25th, 2008 at 7:25 am
I disagree with the comment above. With a long enough key, cracking the encryption is very difficult; in fact, for a random key longer than the plain text, decryption is impossible.
April 27th, 2008 at 2:05 pm
It's your right to disagree. However, the original post didn't take long keys into account as it was a simple answer to a simple question.
XOR does one thing and one thing only. It takes a seed value and XOR's it with the datum (be it a byte, word, etc). Once you have the value that was XOR'ed with the data, you've broken that ciphertext no matter the length of the original key.
Now by random, in your statement above, I assume you mean a random value for each datum being encrypted? Datum, in this case, being a pre-chosen length of 1's and 0's that the "encryption algorithm" uses. If that is so, how would the key be transmitted? The other side of the transmission would need to know it, and if it works like PK, then you no longer are using simple XOR. I haven't seen any "Public Key XOR" algorithms out there. As well, what generates the "seed values"? Does it have a predictable pattern? If so, then it can be cracked.
XOR is not used primarily because it *can* be broken so easily. Saying it would be impossible to crack just because of key length is a bit short-sighted since, if it were that good, we'd have no need of any other encryption. In any event, cryptanalysis is getting better and better all the time so key lengths really don't mean much.