How strong is my encryption?

[benphp]

I wrote a text encryption function that uses a combination of looped base64_encode, mcrypt_encrypt, and random-ish str_replace that produces a fairly meaningless chunk of text.

 

How strong is this encryption? For example, how long would it take for the Chinese government to crack it?

Edited October 17, 2013 by benphp

[Psycho]

Probably not long.

 

The fact that you have not provided any code makes me think that the strength of the encryption is dependent upon the method of encryption being unknown to the attacker. That is not how a good encryption process should work - obfuscation is not security.

 

There are plenty of current encryption methods that are currently, for all intents and purposes, uncrackable.

[requinix]

The only part of your "encryption" algorithm that could possibly mean anything is the mcrypt_encrypt() stuff. base64_encode() and str_replace() don't make it more secure.

[adoado]

Never invent your own encryption methodology.

 

You can disregard that message, sure, but it's not me saying it - it's the professionals. Why? Because security is not a topic where things are obvious (by definition) so a flaw that you or I cannot see may be easily visible when it's analyzed by those who understand it. If you want to ensure security - use known encryption algorithms such as AES. RSA, etc.

 

Experimenting is fine, and definitely worth doing. But never deploy your own solution in practice.