Thread Rating:
  • 1 Vote(s) - 1 Average
  • 1
  • 2
  • 3
  • 4
  • 5
My encryption method (SECURITY)
#1
So, I got bored as heck and made this encryption for my site.

Here it is.

INDEX
<?php
require_once("encrypt.class.php");
// FORMAT: $enc->encryptData('data/text here');
$enc->encryptData('happyface');
if($enc->tryEncryption('happyface') == true)
{
	echo "Unencrypted";
}
else
{
	echo "Too strong encryption for you?";
}
?>

encrypt.class.php
<?php require('DBFunctions.connect.class.php'); require('encrypt.saltSettings.php');
class encrypt {
	public function encryptData($string)
	{
		$stringORG = $string;
		$string = str_rot13($string);
		$string = md5($string);
		$string = substr($string, 5, 15);
		$string = sha1(SALT . $string);
		$string = md5($string);
		$string = sha1(SALT . $string);
		$string = str_rot13($string);
		$string = substr($string, 5, 15);
		$string = md5(SALT . $string);
		mysql_query("INSERT INTO `encryptions` (`encvalue`, `realvalue`) VALUES ('".$string."', '".$stringORG."');");
		return $string;
	}
	public function tryEncryption($tried)
	{
		$query = mysql_query('SELECT * FROM encryptions');
		while($row = mysql_fetch_assoc($query))
		{
			$encVal = $row['encvalue'];
			$actVal = $row['realvalue'];
		}
			$actTried = $tried;
			$tried = str_rot13($tried);
			$tried = md5($tried);
			$tried = substr($tried, 5, 15);
			$tried = sha1(SALT . $tried);
			$tried = md5($tried);
			$tried = sha1(SALT . $tried);
			$tried = str_rot13($tried);
			$tried = substr($tried, 5, 15);
			$tried = md5(SALT . $tried);
			if($encVal==$tried)
			{
				if($actVal==$actTried)
				{
					return true;
				}
			}
	}
}
$enc = new encrypt;
?>
(is it overkill)

Salt settings
<?php
define('SALT', '225fdladsl1blablabla;1='); // not real salt - just a fake one
?>

DB Connection class
<?php
mysql_connect('localhost', 'user', 'pass') or die('DBFunctions connection class error!');
mysql_select_db('encryptionDatabase') or die('ERROR');
?>

Overkill? Wink
#2
Hashing something multiple times does not make it more secure. Take a look at this: http://arstechnica.com/security/2012/08/...r-assault/
#3
(2012-08-27, 06:24 PM)euantor Wrote: Hashing something multiple times does not make it more secure. Take a look at this: http://arstechnica.com/security/2012/08/...r-assault/

Correct, if someone edited the source say on a program such as "Hashcat" you have the method and could run a password list to attempt the same encryption method above to try and decrypt the string.


Forum Jump:


Users browsing this thread: 1 Guest(s)