[cerbere]

Hi folks,

I want to encrypt a short (10-100 chars) string into a new
string of the same length, using a key of, say, 8 chars,
then decrypt it using the same key.

The original string and key contain only hexadecimal
characters ("0".."9", "A".."F"). So should the encrypted
string too.

I don't need high security, just a plain hacker- and robot-
proof barrier.

I don't want to use a package or module, I prefer writing
it myself (with your help if possible) :>) The encryption
and decryption should probably fit inside 40 lines of code.

Target language : Perl and/or PHP.
Pseudo-code welcome if readable !

Any ideas ? Thanks in advance.

[shaunak]

If you want something really simple to throw off bots, try the ROT13 algorithm.
http://en.wikipedia.org/wiki/ROT13

Logic:
if ( (int)(char>65 &&(int)char<=78 ) || ( (int)(char>97 &&(int)char<=110) )
{ char=char+13; }

else if ( (int)(char>78 &&(int)char<=90 ) || ( (int)(char>110 &&(int)char<=123) )
{ char = char-13; }

else{
char=char; // If you want to delete special chars, mod here.
}

[sunils]

If you want a simple one, then this can be used.

consider if your word is
hello
i will take 4 as the key,
no shift it..
It becomes
lipps
ie h->l, e->i,l->p,o->s 4th alphabet after the current one. This is the simplest of all.

[cerbere]

Thanks shaunak and sunils for your suggestions.

To see why I need that encryption, you can look at

http://ixedix.x10hosting.com/cgi-bin...CCCardCheck.pl

and at the 11th line of the page source. The hex string
contains (in the last 4 digits) the locations of the correct
numbers, and the digit before is the desired suit. This is
the string I want to encrypt before sending it via GET or
POST (last line).

[xPlozion]

well, if you're just trying to hash a simple captcha image, then str_replace with a simple hash database should do just fine .

also, by the looks of it, you've just added a string to the end of the code. although that may work, the rest of the captcha code is unencrytped and could be programmed to remove the last 5 characters of the string or to just retrieve the set number that you need to pass, then submit the return value.

PHP Code:

<?php
function simpleHash($str,$way=1)
{
  // $way == 1 // hash (redundant, and it's just to prevent errors)
  // $way == 2 // unhash (needs to be set as 2 after your string.  if it's empty, it'll get the value of 1)

  $unenc = array('0','1','2','3','4','5','6','7','8','9');
  $hash  = array('y','e','w','i','t','b','q','d','j','p');
  if ($way == 1)
    return str_replace($unenc,$hash,$str);
  elseif ($way == 2)
    return str_replace($hash,$unenc,$str);
}

echo simpleHash('194981842156');
// would return 'eptpjejtwebq'

echo simpleHash('eptpjejtwebq',2); // if there's no 2 at the end, it would try to rehash this string instead of unhash it.
// would return '194981842156'
?>

-xP

[xmakina]

It's not an encryption, but if you're just using it for a Captcha might I recommend you investigate PHP Sessions? They're exactly what you need to make a captcha work without revealing anything on the webpage.

[cerbere]

Here is a method I devised that fits my needs (it must have been
around since ENIAC). I XOR the key with packets of hex digits
from the the input string, using the binary value of the digits
(not the ASCII code). The hexcrypt function does both encryp-
tion and decryption.

Perl code :

Code:

$string = "0123456789ABCDEFBEBEBA0BAB0123CACA"; # any length
$keystr = "948D5E5"; # length <= 8

print "original  : \"$string\"   key = \"$keystr\"\n";
$enc = hexcrypt($string, $keystr);
print "encrypted : \"$enc\"\n";
$dec = hexcrypt($enc, $keystr);
print "decrypted : \"$dec\"\n";

sub hexcrypt
{
  my (@pac, $pacstr, $l, $pac, $pacenc, $format, $pacencstr);
  my @string = split(//, @_[0]); # the string to encrypt
  my $keystr = @_[1]; # the key
  my $key = hex($keystr); # the key in binary
  my $keylength = length($keystr);
  my $encstr = ""; # accumulator for returned string
  do
  {   
    @pac = splice(@string, 0, $keylength); # take out a packet of digits (or less at end)
    $pacstr = join("", @pac); # into a string
    $l = length($pacstr); 
    $pac = hex($pacstr); # convert to a 32-bit integer
    $pacenc = $pac ^ ($key >> ($keylength * 4 - 4 * $l)); # shift key right if $l < $keylength, and XOR
    $format = "%0" . sprintf("%.d", $l) . "X"; # we want the leading zeros
    $pacencstr = sprintf($format, $pacenc); # back into a string
    $encstr .= $pacencstr; # add to encrypted string
  }
  while scalar @string > 0;
return $encstr;  
}

Program output :

Code:

original  : "0123456789ABCDEFBEBEBA0BAB0123CACA"   key = "948D5E5"
encrypted : "95AE1B3EC17E287B33E0E3437EE4B74794"
decrypted : "0123456789ABCDEFBEBEBA0BAB0123CACA"

[sunils]

Congrats... There are lot of methods for encryption and decryptions. We have to choose the one which is afforable and the needed for our web application.