How to do decryption in php ?!

  • Meemto
  • Born
  • Born
  • Meemto
  • Posts: 3

Post 3+ Months Ago

Need your help ..

I have used this codes in php for encryption ..

The following is encryption code:
<?php

$pass = 'Alice'; // the password
$passlength = strlen($pass); // check the length of the password
$pass= str_split($pass); // create an array of all letters
$ekey = '126354'; // example key, you can replace it with any key you want, not limited to 6
$ekeylength = strlen($ekey); // check the length of the key
$ekey = str_split($ekey); // create an array of all numbers in the key
$newpass = ''; // initiate the encrypted password variable

if($passlength == $ekeylength)
{ // do a loop if password length is equal to key length
for($x=1; $x<=$ekeylength; $x++)
{
$newpass .= $pass[$ekey[$x-1]-1]; // do a loop to create the new ecrypted password based on the key provided
}
}


else
{
for($x=1; $x<=$ekeylength; $x++)
{ // do a loop to replace any missing value with x. You can replace x with anoy other characters
if($x > $passlength)

$pass[$x-1] = 'x';

}
for($x=1; $x<=$ekeylength; $x++)
{ // do a final loop to create the new ecrypted password based on the key provided
$newpass .= $pass[$ekey[$x-1]-1];
}
}
echo $newpass; // testing the newpassword. You should remove this line for real implementation

?>

It works perfectly ..

But I need to know how to do the reverce , mean Decryption ?!

Which statemant should be changed to achive decryption ?!
  • Anonymous
  • Bot
  • No Avatar
  • Posts: ?
  • Loc: Ozzuland
  • Status: Online

Post 3+ Months Ago

  • WritingBadCode
  • Graduate
  • Graduate
  • User avatar
  • Posts: 214
  • Loc: Sweden

Post 3+ Months Ago

I would suggest staying to the implemented encryption and decryption functionality that PHP provides.

You can't expect to decrypt every password if you use that encryption (at least not without guess work), why? Cus there are a bunch of collisions.

For instance the password: x will result in the same encrypted password as xx or xxx or xxxx would. The password abc123123 and abc123 will also result in the same encryption: ab3c21. Basically you can decrypt it and get a hint to some chars but the possibilities will be endless. At least almost.

Collisions are a weakness, since lets say user uses: abc123123 as in the example above, that is a fairly strong and long password. However a hacker doing brute-force hacking can guess "abc123", thats just 6 chars and gain access to this persons account (using your example).

Also why would you want to decrypt the passwords? You want to look into two way encryptions for that, however if you can decrypt it then its also more likely that hackers will be able to do that, if they can just gain access to your database more recommended would be one way encryption using unique salts.
  • Zealous
  • Guru
  • Guru
  • User avatar
  • Posts: 1244
  • Loc: Sydney

Post 3+ Months Ago

interesting reply WBC

O.k so off the top of my head most php software lets say for example SMF. The script encrypts the data into SQL and correct me if i am wrong about this but when you login does it not hash check the encrypted salt in the DB then allowing access. So even if you did get the DB it would take forever to crack the Hash.

i wonder if rainbow tables could be used to crack the hash. lolol

Post Information

  • Total Posts in this topic: 3 posts
  • Users browsing this forum: No registered users and 103 guests
  • You cannot post new topics in this forum
  • You cannot reply to topics in this forum
  • You cannot edit your posts in this forum
  • You cannot delete your posts in this forum
  • You cannot post attachments in this forum
 
cron
 

© 1998-2014. Ozzu® is a registered trademark of Unmelted, LLC.