Jump to content

Archived

This topic is now archived and is closed to further replies.

Ninjakreborn

heavy encryption

Recommended Posts

I looked around for almost 48 hours, and ran across the top 3 most powerful forms of encryption that a programmer can do.  I saw the one for asp, the one for jsp, and the one for php.
Since I program php obviously I picked this.
Here is what I am doing roughly, what I read is it's almost impossible to decode this, unless they get your key, and you just pick a different key each time.
I started using this.
[code]// Begin Password Encryption
srand((double)microtime()*1000000);
$td = mcrypt_module_open(MCRYPT_RIJNDAEL_256, '', MCRYPT_MODE_CFB, '');
$iv = mcrypt_create_iv(mcrypt_enc_get_iv_size($td), MCRYPT_RAND);
$ks = mcrypt_enc_get_key_size($td);
$key = substr(sha1('I picked a random word for a key here'), 0, $ks);
mcrypt_generic_init($to, $key, $iv);
$ciphertext = mcrypt_generic($td, $password);
mcrypt_generic_deinit($td);
mcrypt_module_close($td);
// End Password Encryption
echo "{$password}";
echo "{$iv}";
echo "{$ciphertext}";[/code]
No I didn't copy and paste the code from somewhere, I found out about the functions, and studied all of them, until I had come up with this, I think it's working, but why is it taking so long to encrypt.  I started the process 10 minutes ago, and it's still incrypting, still loading the page from the server.
I also echo'd those so I could see the reactions of what I Had done, but it's not loading, or taking forever, did I do something wrong, or what, I also can decrypt it, this is what I wanted in general, but not this long of an encryption time.  I read this was one of the most powerful libraries when encrypting, so I used the whole library almost to get something pretty powerful, basedon the examples off the php.net, and some stuff I put together.
well nevermind, I got it to work, I had something wrong on it, now do I store the ciphertext into the database, because the iv and that both are pretty strange looking.
THey look like satan.
So another thing I was wondering, I have 1 key, I picked.  Does that mean all password are encrypted based on that key, so if 1 person get's my key all passwords get decrypted.  Or is there a way for me to pick a random key, but then picking a random key I wouldn't be able to decrypt any of them, anyone want to shed some general light on this whole thing. 

Share this post


Link to post
Share on other sites
[code]You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'businessman332211@hotmail.com', '3553 Marcia Dr', '', 'Smyrna', 'Ga', '30082', '' at line 1The sign up could not be completed, please try again[/code]
and why in hell won't it let me database it:S

Share this post


Link to post
Share on other sites
well it entered it into the database, and I got it working faster, I had something wrong on it, now I am trying to decrypt but it's not decrypting the password at all what am I doing wrong.
[code]$select = "SELECT username, password FROM userinfo WHERE username = 'joyel'";
$query = mysql_query($select);
$numberrows = mysql_num_rows($query);
while ($array = mysql_fetch_array($query)) {
extract($array);
echo "{$password}<br />";
echo "{$username}<br />";
srand((double)microtime()*1000000);
$td = mcrypt_module_open(MCRYPT_RIJNDAEL_256, '', MCRYPT_MODE_CFB, '');
$iv = mcrypt_create_iv(mcrypt_enc_get_iv_size($td), MCRYPT_RAND);
$ks = mcrypt_enc_get_key_size($td);
$key = substr(sha1('I picked a random word for a key here'), 0, $ks);

mcrypt_generic_init($td, $key, $iv);
$password = mcrypt_generic($td, $ciphertext);
mcrypt_generic_deinit($td);
mcrypt_module_close($td);
echo "{$password}<br />";
echo "{$ciphertext}<br />";
echo "{$newpass}<br />";
}[/code]

Share this post


Link to post
Share on other sites
[code]srand((double)microtime()*1000000);
$td = mcrypt_module_open(MCRYPT_RIJNDAEL_256, '', MCRYPT_MODE_CFB, '');
$iv = mcrypt_create_iv(mcrypt_enc_get_iv_size($td), MCRYPT_RAND);
$ks = mcrypt_enc_get_key_size($td);
$key = substr(sha1('I picked a random word for a key here'), 0, $ks);

mcrypt_generic_init($td, $key, $iv);
$ciphertext = mcrypt_generic($td, $password);
mcrypt_generic_deinit($td);

mcrypt_generic_init($td, $key, $iv);
$plaintext = mdecrypt_generic($td, $ciphertext);
mcrypt_generic_deinit($td);
mcrypt_module_close($td);
echo "{$password}<br />";
echo "{$ciphertext}<br />";
echo "{$plaintext}<br />";[/code]
ok I redid my script some, for my decryption, I did some modification, it's running smoother, but it's not decrypting it.

Share this post


Link to post
Share on other sites
Now I think it's just the encryption worked, but the encryption won't I will build something else to encrypt, and see if I can come up with a nother way to encrypt and decrypt.

Share this post


Link to post
Share on other sites
Well what I did this time, was look for some troubleshooting, and change around my database table some, but it's still not decrypting, still searching, still playing with it, advice appreciated.

Share this post


Link to post
Share on other sites
I retook apart, and rebuilt my decryption agani, but I still get wierd shit when I try to display my password again, once I master this setup, I am going to start playing with different algorithms, but something is keeping it from decrypting, any advice?

Share this post


Link to post
Share on other sites
[quote]any advice?[/quote]
Use MD5.

Share this post


Link to post
Share on other sites
bussiness man if you dont use md5 then we all can decode your code you got to use md5 and i would use salt with it ok.

Share this post


Link to post
Share on other sites
But he wants to be able to decrypt it too.

@Bussinessman- sorry no idea.

Orio.

Share this post


Link to post
Share on other sites
This is the thing, I am trying to get a heavy form of decryption, and no I doubt if any of you could decrypt this in a substantial amount of time, that's what mcrypt is for, it can be decrypted by a hacker, but there just not going to piss on it, and decrypt it without substantial effort, above and beyond what it would be worth.  I want the ability to encrypt and decrypt, I want to get these to work, because I have put this together off thousands of examples, and researched each algorithm to try and get the right one for what I am trying to do, I am trying to create a general encryption and decryption process, I use some "whitening" before encryption so even if it's decrypted, they have to sort through the whitening process before getting to the readable data, so there are 2 things for them to go through, I ahve an idea of building these, getting them to work then running them through functions for me to easily use.  later I want to try building encryption insdie of encryption, using 3-4 different algorithms, 1 at a time, and running the subsequent algorithm through the next, encrypting the encryption. And encrypting the encryption that is encrypting the data, I am wanting to create functions, where you can put in 1 key, and 1 string of information you want encrypted, then it creates a random seed number between 1 and 1000000
Then i am going to have the function run through a series of encryption process, full open module, encrypt, close module, then open another in the same function, and encrypt the data that was encrypted int he other functions with a different key, the funciton will have 4 variables
3 keys, 1 for each algoritm, and the data to insert into the first algorithm
right now I have my eyes on these 4 algoritms to encrypt, then decrypt them the same way, decrypt the last one used, then the third, then second, t hen first to get the data, I might even run all through a base 64 incryption.  The idea is once I have the functions in place, when i encrypt the data, I will use it to encrypt anything even session id's
When I run sessions I am going to pull the user's browser make, model, ip address, windows operating system, javascript enabled/disabled, and create a function to initialize all of that at the start of the session, and recheck all the properties for every page they visit, if one of them don't match up the session is killed.  The session dies after 1hour, the 4 algorithms I am wanting to run it through is
MCRYPT_RIJNDAEL_256
MCRYPT_SAFER128
MCRYPT_TRIPLEDES
MCRYPT_TWOFISH256
these are the ones as I am seeing being most popular, and most powerful
What do you think, the only problem is, I can't get even the first to work, it encrypts it, but it doesn't decrypt it, I was just wondering if it had something to do with the way I am decrypting or if I forgot something.

Share this post


Link to post
Share on other sites

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.