Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 4 of 4
  1. #1
    New Coder
    Join Date
    Jul 2009
    Location
    UK
    Posts
    89
    Thanks
    5
    Thanked 11 Times in 11 Posts

    CygnusCrypt - letter scramble encryption

    I recently wrote this class to encrypt and decrypt data by scrambling characters.

    It takes a pin number, password or mixed password (e.g. p4ssw0rd) and uses it to setup the scrambling of the characters to be encrypted.

    The class can also do the opposite, i.e. use the same pin number, password or mixed password to revert the scrambling and restore the original data from the encrypted value.

    The encrypted data may be encoded using the base64 algorithm to return data using readable characters.

    I have used this script on a few of my websites for passing data through the URL using the GET method. I'm sure it has many more uses though.

    It was a lot of fun to write and I have just kept adding to it. I feel it is now at a point where it could be useful to others.

    Suggestions are welcome

    PHP Code:
    <?php
    ################################################################################
    ################################################################################
    ##########################                   ###################################
    ##########################  CygnusCrypt v2.5 ###################################
    ##########################                   ###################################
    ################################################################################
    ################################################################################
    // This class will encrypt/decrypt data that is passed to it. It has the ability 
    // to add base64 encoding for added protection and to encode the output strings
    // as HTML entities for use on HTML pages. The methods require a pin number
    // to be passed to it.
    ################################################################################
    ##########################       Usage        ##################################
    ################################################################################
    //
    // $newEncryption = new CygnusCrypt;
    // ** set your own secrets **
    // $newEncryption->setSecrets($secretPin, $secret, $secret2, $secret3)->Encryption($pin, $data, $base64Encode, $HTMLEncode);
    // ** use the default secrets **
    // $newEncryption->Encrypt($Pin, $textToEncrypt, $baseEncoding, $HTMLEncode);
    // $newEncryption->encrypt;
    //
    // $decryption = new CygnusCrypt;
    // ** set your own secrets **
    // $newDecryption->setSecrets($secretPin, $secret, $secret2, $secret3)->Decrypt($pin, $encryptedData, $base64Encode, $HTMLEncode);
    // ** use the default secrets **
    // $decryption->Decrypt($Pin, $textToDecrypt, $baseEncoding, $HTMLEncode);
    // $decryption->encrypt;
    //
    // To use $baseEncoding or $HTMLEncode set to the number 1 otherwise set to 0
    //
    // *****************************************************************************
    // WARNING, if you use the same object to encrypt and decrypt data the latter 
    // will overwrite the first.
    // *****************************************************************************

    class CygnusCrypt {
        
        
    // create variables
        
    private $letters;
        private 
    $pin;
        private 
    $numSteps;
        private 
    $secretPin;
        private 
    $random;
        private 
    $random2;
        private 
    $random3;
        private 
    $secretSet;
        
        var 
    $encrypt;
            
        
    // *******************************************************
        // **************** default secrets **********************
        // *******************************************************
        // when creating the object tell it to use the defualt secrets
        
    function __construct() {
            
    $this->secretSet 0;
        }
            
        
    // *******************************************************
        // ************* set characters array ********************
        // *******************************************************
        // All characters contained in this array are able to be encrypted, 
        // use only printable characters from the ASCII table
        
    private function Algo() {
            
    $this->letters = array("!"" ""\"""#""$""%""&""\\""'""("")""*""+"",""-"".""/""0""1""2""3""4""5""6""7""8""9"":"";""<""="">""?""@""A""B""C""D""E""F""G""H""I""J""K""L""M""N""O""P""Q""R""S""T""U""V""W""X""Y""Z""[""]""^""_""`""a""b""c""d""e""f""g""h""i""j""k""l""m""n""o""p""q""r""s""t""u""v""w""x""y""z""{""|""}""~");
            return 
    $this;
        }
        
        
    // *******************************************************
        // ***************** Set Secrets *************************
        // *******************************************************
        
    public function setSecrets($pin$secret1$secret2$secret3) {
        if(empty(
    $pin) or empty($secret1) or empty($secret2) or empty($secret3)) {
            exit(
    "One or more secrets are missing.");
        }
        if(!
    is_numeric($pin)) {
            exit(
    "Secret pin must be numeric.");
        }
        
    $this->secretPin $pin;
        
    $this->random $secret1;
        
    $this->random2 $secret2;
        
    $this->random3 $secret3;
        
    $this->secretSet 1;
        return 
    $this;
        }
        
        
    // *******************************************************
        // ************* Find Step position **********************
        // *******************************************************
        // work out character step (make sure it is always less than or equal to the amount of characters)
        
    private function Step() {
            
    $this->Algo();
            
    $num count($this->letters);
            
    $this->numSteps $this->pin;
            
    $this->numSteps round($this->numSteps);
            while(
    $this->numSteps $num) {
                
    $this->numSteps $this->numSteps 3;
                
    $this->numSteps round($this->numSteps);    
            }        
            return 
    $this->numSteps;
        }
        
        
    // *******************************************************
        // *************** Split and Encrypt *********************
        // *******************************************************
        
    private function SplitCrypt () {
            
    $length strlen($this->encrypt);
            
    $splitBy round($length 4);
            
    $chunks str_split($this->encrypt$splitBy);
            foreach(
    $chunks as $chunk) {
                
    $chunk $this->CygEncrypt($chunk);    
            }
            
    $this->encrypt join($chunks"");
            
    $this->encrypt $this->encrypt.$this->random.$splitBy.$this->random2;
            return 
    $this->encrypt;        
        }
        
        
    // *******************************************************
        // ************** Decrypt and join ***********************
        // *******************************************************
        
    private function SplitDecrypt() {
            
    $splitBy 0;
            if(
    preg_match_all('/$this->random(.*)$this->random2/U'$this->encrypt$match)) {
                
    $splitBy $match[0];    
            }
            
    $splitBy str_replace($this->random""$splitBy[0]);
            
    $splitBy str_replace($this->random2""$splitBy);

            if(
    $splitBy == 0) {
                
    $splitBy 1;
            }
            
    $this->encrypt preg_replace("/$this->random(.*)$this->random2/U"""$this->encrypt);
            
    $length strlen($this->encrypt);
            
    $chunks str_split($this->encrypt$splitBy);
            foreach(
    $chunks as $chunk) {
                
    $chunk $this->CygDecrypt($chunk);
            }
            
    $this->encrypt join($chunks"");
            return 
    $this->encrypt;            
        }
        
        
    // *******************************************************
        // ******* perform character step (encrypt data) *********
        // *******************************************************
        
    private function CygEncrypt($encrypt) {
            
    $this->Algo();
            
    $encrypt str_split($encrypt);
            for (
    $x 0$x count($encrypt); $x++) {
                if(
    in_array($encrypt[$x], $this->letters)) {
                    
    $pos array_search($encrypt[$x], $this->letters);
                    
    $newpos $pos $this->numSteps;
                    
    $numLetters count($this->letters);
                    if(
    $newpos >= $numLetters) {
                        
    $newpos $newpos $numLetters;
                    }
                    
    $encrypt[$x] = $this->letters[$newpos];
                }
            }
            
    $encrypt join($encrypt"");
            return 
    $encrypt;
        }

        
    // *******************************************************
        // ******* perform character step (encrypt data) *********
        // *******************************************************
        
    private function CygDecrypt($encrypt) {
            
    $this->Algo();
            
    $encrypt str_split($encrypt);
            for (
    $x 0$x count($encrypt); $x++) {
                if(
    in_array($encrypt[$x], $this->letters)) {
                    
    $pos array_search($encrypt[$x], $this->letters);
                    
    $newpos $pos $this->numSteps;
                    
    $numLetters count($this->letters);
                    if(
    $newpos "0") {
                        
    $newpos $newpos $numLetters;
                    }
                    if(
    $newpos == $numLetters) {
                        
    $newpos "0";    
                    }
                    
    $encrypt[$x] = $this->letters[$newpos];
                }
            }
            
    $encrypt join($encrypt"");
            return 
    $encrypt;
        }
        
        
    // *****************************************************
        // **************** create pin *************************
        // *****************************************************
        // create a secret pin number, this will be added to the encryption
        // and also determines the letter step.
        
    private function CreatePin($pin) {
            
    $this->Algo();
            if(!
    is_numeric($pin)) {
                
    $splitPin str_split($pin);
                foreach (
    $splitPin as $swap) {
                    if(
    in_array($swap$this->letters)) {
                        
    $pin array_search($swap$this->letters);
                    }
                }
            }
                
    $this->pin $pin $this->secretPin;
            return 
    $this;
        }
        
        
    // *****************************************************
        // ***************** Pin Check *************************
        //******************************************************
        // This adds a string of characters to the encryption which
        // then is checked for before decrypting to see if a pin was used
        ## ** Attention, this is no longer used for a pin check, it now
        ## ** only adds an extra layer to the encryption
        
    private function PinUsed() {
            
    $this->encrypt str_split($this->encrypt);
            
    $length count($this->encrypt);
            
    $randPosition rand(0$length);
            
    // add check to stop undefined offset error
            
    if($randPosition == $length) {
                
    $randPosition $randPosition 1;
            }
            
    $this->encrypt[$randPosition] = $this->random3.$this->encrypt[$randPosition];
            
    $this->encrypt join($this->encrypt"");
            return 
    $this->encrypt;
        }
        
        
    // ****************************************************
        // ************** add/encrypt pin *********************
        // ****************************************************
        // fucntion to add pin to encrypted data
        
    private function PinEncrypt() {
            
    $this->encrypt $this->CygEncrypt($this->encrypt);
            
    $this->encrypt $this->pin.$this->encrypt;
            
    $this->encrypt base64_encode($this->encrypt);
            
    $this->encrypt $this->PinUsed();
            return 
    $this;
        }
        
        
    // ****************************************************
        // ************* public encrypt function **************
        // ****************************************************
        
    public function Encrypt($pin$encryptThis$base$htmlEncode) {
            if(empty(
    $encryptThis)) {
                exit(
    "<br /><br /><span style='text-align:center; font-weight:bold;'>Please enter some text to encrypt.</span><br /><br />");
            }
            if(empty(
    $pin)) {
                exit(
    "<br /><br /><span style='text-align:center; font-weight:bold;'>A pin or password is required.</span></br /><br />");
            }
            
            if(
    $this->secretSet == 0) {
                
    $this->setSecrets("95781""cucuegjs""ufwhcjsh""sdgHJDgsdf");
            }
        
            
    $this->CreatePin($pin);
            
    $this->Step();
            
    $this->encrypt $encryptThis;
            
    $this->encrypt $this->SplitCrypt();
            
            
    $this->PinEncrypt();
            
            
    $this->encrypt $this->CygEncrypt($this->encrypt);
            if(
    $base == "1") {
                
    $this->encrypt base64_encode($this->encrypt);    
            }
            
            if(
    $htmlEncode == "1") {
                
    $this->encrypt htmlentities($this->encrypt);
            }
            return 
    $this->encrypt;
        }
        
        
    // ****************************************************
        // *********** public decrypt function ****************
        // ****************************************************
        
    public function Decrypt($pin$decryptThis$base$htmlEncode) {
            if(empty(
    $decryptThis)) {
                exit(
    "<br /><br /><span style='text-align:center; font-weight:bold;'>Please enter some text to decrypt.</span><br /><br />");
            }
            if(empty(
    $pin)) {
                exit(
    "<br /><br /><span style='text-align:center; font-weight:bold;'>A pin or password is required.</span><br /><br />");
            }
            
            if(
    $this->secretSet == 0) {
                
    $this->setSecrets("95781""cucuegjs""ufwhcjsh""sdgHJDgsdf");
            }
            
            
    $this->encrypt $decryptThis;
            if(
    $base == "1") {
                
    $this->encrypt base64_decode($this->encrypt);
            }
            
    $this->CreatePin($pin);
            
    $this->Step();
            
    $this->encrypt $this->CygDecrypt($this->encrypt);
            
            if(
    strpos("x".$this->encrypt$this->random3) !== false) {
                
    $this->encrypt preg_replace("/$this->random3/"""$this->encrypt1);
                
    $this->encrypt base64_decode($this->encrypt);
                
    $this->encrypt str_replace($this->pin""$this->encrypt);
                
    $this->encrypt $this->CygDecrypt($this->encrypt);
            } else {
                exit(
    "<br /><br /><span style='text-align:center; font-weight:bold;'>Incorrect Pin or Password.</span><br /><br />");
            }
            
            
    $this->encrypt $this->SplitDecrypt();
            
            if(
    $htmlEncode == "1") {
                
    $this->encrypt htmlentities($this->encrypt);
            }
            return 
    $this->encrypt;
        }

    // end class
    ?>
    I'd love to change the world, but they wont give me the source code.

  • #2
    Regular Coder
    Join Date
    Apr 2006
    Location
    Northbrook, IL
    Posts
    394
    Thanks
    8
    Thanked 6 Times in 6 Posts
    I have one suggestion (you won't like it though): please remove this code.

    If real security is important to you, I would avoid using any encryption algorithms not created by a cryptography expert.

    If you are using PHP, the only way to securely encrypt data for 99.9999% of coders is to use mcrypt_* functions: http://www.php.net/manual/en/functio...pt-encrypt.php

    Do NOT rely on anyone's home-cooked encryption schemes (including your own). And especially not one that claims, "...base64 encoding for added protection". base64 offers NO added protection. NONE.

    Read this:
    http://codahale.com/how-to-safely-store-a-password/
    https://www.cs.columbia.edu/~smb/tal...ty/tsld018.htm

    Don't be stupid, don't put yourself or your customers at risk.

    @jswany, Sorry to rain on your parade buddy, but recommending your own crypto scheme is akin to using advice from a 12 year old to build critical public infrastructure. No disrespect; I would say the same thing about anything I came up with myself when it comes to crypto.
    Last edited by Leeoniya; 11-01-2013 at 07:10 AM.
    "I only know that I know nothing."
    -Socrates

  • #3
    New Coder
    Join Date
    Jul 2009
    Location
    UK
    Posts
    89
    Thanks
    5
    Thanked 11 Times in 11 Posts
    Hi Leeoniya, thanks for your input.

    I will remove the code if the majority of people agree I should.

    I have not recommended this to anyone, I have only said
    I feel it is now at a point where it could be useful to others
    note the "could". I agree with you and would not use this to encrypt important data. I personally use it to pass data through the URL which would just be in plain text otherwise, I do this to try and deter people from trying to hack my websites, if it does or doesn't is a different story.

    To be honest I'm not sure why I wrote
    base64 encoding for added protection
    , you're right base64 adds no extra protection it only makes it return "readable" characters. I will remove this line from the script description.

    I only work with PHP for fun and as a hobby (it's not my job), I am always willing to learn and therefore I am grateful for your input but if anyone was looking to encrypt important data or sensitive data I hope they would not use this and use something written by professionals or use mcrypt as you suggested. Sorry if I have mislead anyone

    EDIT: I am unable to remove the line
    base64 encoding for added protection
    from the scripts comments as I am unable to edit the original post.
    I'd love to change the world, but they wont give me the source code.

  • #4
    Regular Coder
    Join Date
    Apr 2006
    Location
    Northbrook, IL
    Posts
    394
    Thanks
    8
    Thanked 6 Times in 6 Posts
    Quote Originally Posted by jswany View Post
    I personally use it to pass data through the URL which would just be in plain text otherwise...
    You can use mcrypt_* to do the same thing faster, with less code and more securely
    "I only know that I know nothing."
    -Socrates


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •