Jump to content

Archived

This topic is now archived and is closed to further replies.

benphp

How strong is my encryption?

Recommended Posts

I wrote a text encryption function that uses a combination of looped base64_encode, mcrypt_encrypt, and random-ish str_replace that produces a fairly meaningless chunk of text.

 

How strong is this encryption? For example, how long would it take for the Chinese government to crack it?

Share this post


Link to post
Share on other sites

Probably not long.

 

The fact that you have not provided any code makes me think that the strength of the encryption is dependent upon the method of encryption being unknown to the attacker. That is not how a good encryption process should work - obfuscation is not security.

 

There are plenty of current encryption methods that are currently, for all intents and purposes, uncrackable.

Share this post


Link to post
Share on other sites

The only part of your "encryption" algorithm that could possibly mean anything is the mcrypt_encrypt() stuff. base64_encode() and str_replace() don't make it more secure.

Share this post


Link to post
Share on other sites

Never invent your own encryption methodology.

 

You can disregard that message, sure, but it's not me saying it - it's the professionals. Why? Because security is not a topic where things are obvious (by definition) so a flaw that you or I cannot see may be easily visible when it's analyzed by those who understand it. If you want to ensure security - use known encryption algorithms such as AES. RSA, etc.

 

Experimenting is fine, and definitely worth doing. But never deploy your own solution in practice.

Share this post


Link to post
Share on other sites

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.