ansaurus

Question

obfuscate or encrypt some plain text data in PHP

Answer 1

+5 A:

How about base64 encoding? We use to use that to make SMS messages in our SMS Gateway DB unreadable by the developers.

karim79 2009-06-25 12:28:29

oO You employ developers that are unable to spot and decode base64? (just kidding, couldn't resist...)

VolkerK 2009-06-25 12:35:27

anyone can tell on the first sight base64 is used and decode it in a second. how does that make SMS "undreadable"?

dusoft 2009-06-25 12:36:15

Our concern was not to 'encrypt' just to make it 'not readily readable'. I was one of the developers and yes, I could have decoded any of it in a second.

karim79 2009-06-25 12:38:55

There are some locks that exist just to keep honest people honest.

Colin Pickard 2009-06-25 15:13:43

@dusoft: his SMS is meant to be 'undreadable'? =)

David Thomas 2009-06-25 16:04:28

@Colin: you don't *have* to keep honest people honest; that's *why* they're honest! ...ugh. The vitriol's not entirely aimed at you, it's just I got sick of hearing this -stupid- argument from the RIAA and MPAA.

David Thomas 2009-06-25 16:06:14

Answer 2

+4 A:

There are a few options.

If you want very strong, you could look into mcrypt.

But if it's only so working developers cant read the text without some work to actually do it. Then you could just BASE64 encode it or uuencode it

Ólafur Waage 2009-06-25 12:31:29

Answer 3

+1 A:

Try using the mcrypt library. It's not included with standard PHP, but it's easily downloadable and very commonly used. Here's a quick tutorial on what you can do with it.

It's best to make sure the key you use for the encryption is stored in a secure place, but if you aren't really concerned about security, you'd probably be OK just hardcoding the key into your code somewhere.

Eric Petroelje 2009-06-25 12:32:44

Answer 4

+2 A:

If you have mcrypt installed (all my current PHP environments have), you could use mcrypt_encrypt and mcrypt_decrypt like this:

function encrypt ($text) {
  global $key;
  return mcrypt_encrypt (MCRYPT_RIJNDAEL_256, $key, $text, MCRYPT_MODE_ECB, "abcdefghijklmnopqrstuvwxyz012345");
}

function decrypt ($secret) {
  global $key;
  return rtrim (mcrypt_decrypt (MCRYPT_RIJNDAEL_256, $key, $secret, MCRYPT_MODE_ECB, "abcdefghijklmnopqrstuvwxyz012345"), "\0");
}

which uses a global $key and AES (very strong).

Drawbacks are performance (in comparison to simpler ones like Base64) and that you somehow have to fix a key.

Cheers,

Boldewyn 2009-06-25 12:34:29

Answer 5

+1 A:

if you're using mysql around version 5, then you don't even need much php for it, you can do it inside your query with the mysql string functions encrypt(text, password) and decrypt(text, password)

http://dev.mysql.com/doc/refman/5.1/en/encryption-functions.html

DECODE(crypt_str,pass_str)

Decrypts the encrypted string crypt_str using pass_str as the password. crypt_str should be a string returned from ENCODE().
ENCODE(str,pass_str)

Encrypt str using pass_str as the password. To decrypt the result, use DECODE().

The result is a binary string of the same length as str.

The strength of the encryption is based on how good the random generator is. It should suffice for short strings.

update: another possibility would be rot13 ^^

Schnalle 2009-06-25 14:58:55

I really like the same length string output, however, I'm not on mysql. The rot13 looks promising

KM 2009-06-25 15:50:47

But...I think rot13 was a joke.

David Thomas 2009-06-25 16:02:58

@ricebowl, but I only need a simple solution

KM 2009-06-25 17:37:29

rot13 was indeed a joke. rot13 is ALWAYS a joke ^^

Schnalle 2009-06-26 04:20:00

Answer 6

+2 A:

for simple obfuscation use strtr() - Translate certain characters:
string strtr ( string $str , string $from , string $to )

to encode in php:

$readable='This is a special test string ABC123 ([+,-!#$%&*])';    
$unreadable=strtr($readable,' !"#$%&\'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~€‚ƒ„…†‡ˆ‰Š‹ŒŽ‘’“”•–—˜™š›œžŸ ¡¢£¤¥¦§¨©ª«¬®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ'
                           ,'¡¢£¤¥¦§¨©ª«¬®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ !"#$%&\'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~€‚ƒ„…†‡ˆ‰Š‹ŒŽ‘’“”•–—˜™š›œžŸ '
                      );
print $unreadable; //outputs: "ÕéêôAêôAâAôñæäêâíAõæôõAôõóêïèAÂÃÄ²³´A©Ü¬®¢¤¥¦§«Þª"

to decode in php:

$unreadable='ÕéêôAêôAâAôñæäêâíAõæôõAôõóêïèAÂÃÄ²³´A©Ü¬®¢¤¥¦§«Þª';
$readable=strtr($unreadable,'¡¢£¤¥¦§¨©ª«¬®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ !"#$%&\'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~€‚ƒ„…†‡ˆ‰Š‹ŒŽ‘’“”•–—˜™š›œžŸ '
                           ,' !"#$%&\'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~€‚ƒ„…†‡ˆ‰Š‹ŒŽ‘’“”•–—˜™š›œžŸ ¡¢£¤¥¦§¨©ª«¬®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ'

               );
print $readable; //outputs: "This is a special test string ABC123 ([+,-!#$%&*])"

you can easily replicate this logic in the DB if necessary (without looping): Using a Table of Numbers, by Erland Sommarskog

KM 2009-06-26 20:48:46

I really likes the base 64 idea, but I need the data to fit into existing database fields. The rot13() was fairly simple and kept the same size, but this strtr() is good enough for my purpose.

KM 2009-06-29 19:49:43

ansaurus

tags:

views:

answers:

obfuscate or encrypt some plain text data in PHP

related questions