NYCPHP Meetup

NYPHP.org

[nycphp-talk] Encrypt/Decrypt without MCrypt

Jeff Siegel jsiegel1 at optonline.net
Mon Dec 1 09:47:53 EST 2003 

$sSecret would be used for all records.

I'm trying to find out if the client has a particular requirement in 
terms of encrypting since it's sensitive data.

"ain't I sneaky?" - Yes!

Jeff

Brian Pang wrote:

> I do something similar to this when I need to be able to decrypt something.
> As long as noone gets a hold of your code to reverse engineer it.
> 
> Is $sSecret user provided or are you re-using that for all records?
> 
> I usually also append/prepend/insert my own "garbage" strings to the
> base64_encode results so that a simple base64_decode doesn't quite
> produce the "encrypted" data.
> Of course, don't forget to take them out again when you are decrypting.
> Also, sometimes I base64_encode the base64_encode result, or three times
> even... or four.. ain't I sneaky?
> One other thing to do it to get the ord() value for each char before or
> after base64-ing it, just to mess things up even more. Use chr() to do
> the reverse.
> 
> Finally, write the code for this particular piece in the most cryptic
> manner that you can and don't comment the code. Don't use easy to follow
> var names like "sEncoded"   Use single letters or other nonsense or
> random strings for var names, and put in lots of other useless code just
> to make it hard to interpret should anyone get a hold of it.
> 
> 
> 
> 
>>I may be faced with a situation where I don't have MCrypt for 
>>encrypting/decrypting data. I need to store the PIN numbers in a 
>>database and be able to retrieve them. Is there some other method I can 
>>use instead? I was thinking, perhaps, something like the following:
>>
>>$myPinNumber = "123DGH";
>>$sSecret    = '7R5D1N3V5C4Y6Z2X';
>>$ary    = array('PIN'    =>    $myPinNumber, 'Secret'    =>   
> 
> $sSecret);  
> 
>>$sEncoded    = base64_encode(serialize($ary));
>>
>>Jeff Siegel
>>
>>_______________________________________________
>>talk mailing list
>>talk at lists.nyphp.org
>>http://lists.nyphp.org/mailman/listinfo/talk
>>
>>
> 
> 
> 
> 
> _______________________________________________
> talk mailing list
> talk at lists.nyphp.org
> http://lists.nyphp.org/mailman/listinfo/talk
>

More information about the talk mailing list