NYCPHP Meetup

[Chris Snyder]

I picked up the simple encryption scheme below a couple years ago from a 
comment in the PHP manual. I'm a little curious about its origins -- 
I've seen it referred to as "triple md5", but Google doesn't have much 
to say about that, and I suspect it was a euphemism. The original 
comment has since been deleted.

Does anyone recognize this, or care to comment on its ability to 
withstand anything more than casual snooping? It has the advantage of 
being available in setups without mcrypt support, but a false sense of 
security is worse than none at all.

And by the way, what method do -you- recommend for encrypting data that 
needs to be decrypted later?

> function keyED($txt,$encrypt_key) {
>     $encrypt_key = md5($encrypt_key);
>     $ctr=0;
>     $tmp = "";
>     for ($i=0;$i<strlen($txt);$i++) {
>         if ($ctr==strlen($encrypt_key)) $ctr=0;
>         $tmp.= substr($txt,$i,1) ^ substr($encrypt_key,$ctr,1);
>         $ctr++;
>         }
>     return $tmp;
>     }
>
> function hex2bin($data) {
>     $len = strlen($data);
>     for($i=0;$i<$len;$i+=2) {
>         $newdata .= pack("C",hexdec(substr($data,$i,2)));
>         }
>     return $newdata;
>     }
>
> function encrypt($txt, $key="") {
>     srand((double)microtime()*1000000);
>     $encrypt_key = md5(rand(0,32000));
>     $ctr=0;
>     $tmp = "";
>     for ($i=0;$i<strlen($txt);$i++) {
>         if ($ctr==strlen($encrypt_key)) $ctr=0;
>         $tmp.= substr($encrypt_key,$ctr,1) . (substr($txt,$i,1) ^ 
> substr($encrypt_key,$ctr,1));
>         $ctr++;
>         }
>     return bin2hex(keyED($tmp,$key));
>     }

> function decrypt($text, $key="") {
>     $bin= hex2bin($text);
>     $txt = keyED($bin,$key);
>     $tmp = "";
>     for ($i=0;$i<strlen($txt);$i++) {
>         $md5 = substr($txt,$i,1);
>         $i++;
>         $tmp.= (substr($txt,$i,1) ^ $md5);
>         }
>     return $tmp;
>     }