I have two strings and I would like to mix the characters from each string into one bigger string. How can I do this in PHP? I can swap chars over but I want something more complicated since it could be guessed.

And please don't say md5() is enough and irreversible. :)

$string1 = '9cb5jplgvsiedji9mi9o6a8qq1';//session_id()
$string2 = '5d41402abc4b2a76b9719d911017c592';//md5()

Thank you for any help.

EDIT: Ah sorry Rob. It would be great if there is a solution where it was just a function I could pass two strings to, and it returned a string.

The returned string must contain both of the previous strings. Not just a concatenation, but the characters of each string are mingled into one bigger one.

+4  A: 

If you want to make a tamper-proof string which is human readable, add a secure hash to it. MD5 is indeed falling out of favour, so try sha1. For example

$salt="secret";
$hash=sha1($string1.$string2.$salt);
$separator="_";
$str=$string1.$separator.$string2.$separator.$hash;

If you want a string which cannot be read by humans, encrypt it - check out the mcrypt extension which offers a variety of options.

Paul Dixon
Don't use encryption functions for hashing. Encryptions can be decrypted as opposed to hashing which is "supposed" to be one way.
Eran Galperin
sha1 *is* a hashing function
Paul Dixon
I think you meant to write line 2 as: $hash=sha1($string1.$string2.$salt);
GloryFish
I did, good catch
Paul Dixon
+2  A: 

Unless I am missing something, if you're wanting to combine those values into a unique value, why not do sha1(string1, string2);

Mark Davidson
+4  A: 

Use one of the SHA variants of the hash() function. Sha2 or sha256 should be sufficient and certainly much better than anything you could come up with.

Eran Galperin
A: 

I'm guessing you want something reversible, so you can get these values back out. A quick-and-dirty technique for obscuring these two strings further would be to base64-encode them:

base64_encode($string1 . $string2);
Max
A: 

Thank you everyone. I completely forgot about the SHA1 - got too into solving a problem that I forgot what else was out there. :)

Abs
A: 

Well, if not md5(), then sha1(). :)

Anyway, the possibilities to mangle are endless, pick your poison.

What I would do, if I really wanted to do something like that (which can be useful occasionally), is add another element, chosen at random, and shuffle the md5 string by it, and write down the random element in it, too.

For example, let us add to each md5 character a random 2 digit number, which we then split by digits and add 1st digit to resulting string, and 2nd digit - prepend to it.

I stumbled upon someplace where something of that kind was done today. I was trying to find some reference to a particular phone number - whether it appears anywhere on the country-local inet or not.

I visited a popular classified ads site, which gives phone numbers of advertisers and you have the option, when you are looking at a particular ad, to find all ads with the same phone number. Now, what they did, however, was that they encoded search string, so you are not searching for ?phone=123123, but something like ?phone==FFYx23=.

If they hadn't done that, I would be able to find out for my own purposes, rather than checking on ads, IF user with phone 123123 has posted any ads on the site.

Gnudiff
A: 

If you are looking to verify message integrity and authenticity with hashing - you might want to look at HMAC - there are plenty of implementations in PHP using both SHA1 and MD5:

http://en.wikipedia.org/wiki/HMAC

EDIT: In fact, PHP now has a function for this:

http://us3.php.net/manual/en/function.hash-hmac.php

Darren Newton
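
The "values plus a keyed hash" layout from Paul Dixon's answer, built on hash_hmac() from the answer above, as an added example that is not part of the original thread. The function names pack_signed() and unpack_signed(), the SECRET_KEY placeholder and the length-prefixed token format are assumptions made for illustration.

```php
<?php
// Added example, not from the original answers. SECRET_KEY is a constructed
// placeholder; load a real random key from configuration instead.
const SECRET_KEY = 'replace-with-32-random-bytes';

// Combine two strings into one token: both values stay recoverable, and an
// HMAC-SHA256 tag makes any modification detectable.
function pack_signed(string $a, string $b, string $key): string
{
    // Length-prefix the first value so ("ab","c") and ("a","bc") sign differently.
    $payload = strlen($a) . ':' . $a . $b;
    $tag = hash_hmac('sha256', $payload, $key);
    return base64_encode($payload) . '.' . $tag;
}

// Return [$a, $b] if the tag verifies, or null if the token was altered.
function unpack_signed(string $token, string $key): ?array
{
    $parts = explode('.', $token);
    if (count($parts) !== 2) {
        return null;
    }
    $payload = base64_decode($parts[0], true);
    // hash_equals() compares in constant time, unlike == or ===.
    if ($payload === false || !hash_equals(hash_hmac('sha256', $payload, $key), $parts[1])) {
        return null;
    }
    // Only parse the payload after the tag has been verified.
    if (!preg_match('/^(\d+):/', $payload, $m)) {
        return null;
    }
    $body = substr($payload, strlen($m[0]));
    $len = (int) $m[1];
    if ($len > strlen($body)) {
        return null;
    }
    return [substr($body, 0, $len), substr($body, $len)];
}

$string1 = '9cb5jplgvsiedji9mi9o6a8qq1';       // sample values from the question
$string2 = '5d41402abc4b2a76b9719d911017c592';
$token = pack_signed($string1, $string2, SECRET_KEY);
var_dump(unpack_signed($token, SECRET_KEY) === [$string1, $string2]);

// Change the first character of the encoded payload: verification must fail.
$tampered = ($token[0] === 'A' ? 'B' : 'A') . substr($token, 1);
var_dump(unpack_signed($tampered, SECRET_KEY));
```

The base64 step only makes the payload transport-safe; the values are still readable by anyone holding the token, and only the HMAC key keeps it from being forged.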