daily pastebin goal
7%
SHARE
TWEET

hash_crypt.php

a guest Jul 1st, 2016 236 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. <?php
  2.  
  3.     /**
  4.     * Simple but secure encryption based on hash functions
  5.     *
  6.     * Basically this is algorithm provides a block cipher in ofb mode (output feedback mode)
  7.     *
  8.     * @author   Marc Wöhlken, Quadracom - Partnerschaft für Mediengestaltung, Bremen <woehlken@quadracom.de>
  9.     * @copyright Copyright 2006 Marc W&ouml;hlken, Quadracom - Partnerschaft für Mediengestaltung, Bremen
  10.     * @version Version 1.1, first public release
  11.     * @license http://opensource.org/licenses/gpl-license.php GNU Public License
  12.     *
  13.     * @package hash_encryption
  14.     **/
  15.    
  16. class hash_encryption {
  17.     /**
  18.      * Hashed value of the user provided encryption key
  19.      * @var string
  20.      **/
  21.     var $hash_key;
  22.     /**
  23.      * String length of hashed values using the current algorithm
  24.      * @var int
  25.      **/   
  26.     var $hash_lenth;
  27.     /**
  28.      * Switch base64 enconding on / off
  29.      * @var bool    true = use base64, false = binary output / input
  30.      **/   
  31.     var $base64;
  32.     /**
  33.      * Secret value added to randomize output and protect the user provided key
  34.      * @var string  Change this value to add more randomness to your encryption
  35.      **/   
  36.     var $salt = 'Change this to any secret value you like. "d41d8cd98f00b204e9800998ecf8427e" might be a good example.';
  37.    
  38.  
  39.     /**
  40.      * Constructor method
  41.      *
  42.      * Used to set key for encryption and decryption.
  43.      * @param   string  $key    Your secret key used for encryption and decryption
  44.      * @param   boold   $base64 Enable base64 en- / decoding
  45.      * @return mixed
  46.      */
  47.     function hash_encryption($key,$base64 = true) {
  48.         // Toggle base64 usage on / off
  49.         $this->base64 = $base64;
  50.        
  51.         // Instead of using the key directly we compress it using a hash function
  52.         $this->hash_key = $this->_hash($key);
  53.        
  54.         // Remember length of hashvalues for later use
  55.         $this->hash_length = strlen($this->hash_key);
  56.     }
  57.        
  58.     /**
  59.      * Method used for encryption
  60.      * @param   string  $string Message to be encrypted
  61.      * @return string   Encrypted message
  62.      */
  63.     function encrypt($string) {
  64.         $iv = $this->_generate_iv();
  65.        
  66.         // Clear output
  67.         $out = '';
  68.        
  69.         // First block of output is ($this->hash_hey XOR IV)
  70.         for($c=0;$c < $this->hash_length;$c++) {
  71.             $out .= chr(ord($iv[$c]) ^ ord($this->hash_key[$c]));
  72.         }
  73.  
  74.         // Use IV as first key
  75.         $key = $iv;
  76.         $c = 0;
  77.  
  78.         // Go through input string
  79.         while($c < strlen($string)) {
  80.             // If we have used all characters of the current key we switch to a new one
  81.             if(($c != 0) and ($c % $this->hash_length == 0)) {
  82.                 // New key is the hash of current key and last block of plaintext
  83.                 $key = $this->_hash($key . substr($string,$c - $this->hash_length,$this->hash_length));
  84.             }
  85.             // Generate output by xor-ing input and key character for character
  86.             $out .= chr(ord($key[$c % $this->hash_length]) ^ ord($string[$c]));
  87.             $c++;
  88.         }
  89.         // Apply base64 encoding if necessary
  90.         if($this->base64) $out = base64_encode($out);
  91.         return $out;
  92.     }
  93.    
  94.     /**
  95.      * Method used for decryption
  96.      * @param   string  $string Message to be decrypted
  97.      * @return string   Decrypted message
  98.      */
  99.     function decrypt($string) {
  100.         // Apply base64 decoding if necessary
  101.         if($this->base64) $string = base64_decode($string);
  102.        
  103.         // Extract encrypted IV from input
  104.         $tmp_iv = substr($string,0,$this->hash_length);
  105.        
  106.         // Extract encrypted message from input
  107.         $string = substr($string,$this->hash_length,strlen($string) - $this->hash_length);
  108.         $iv = $out = '';
  109.        
  110.         // Regenerate IV by xor-ing encrypted IV from block 1 and $this->hashed_key
  111.         // Mathematics: (IV XOR KeY) XOR Key = IV
  112.         for($c=0;$c < $this->hash_length;$c++)
  113.         {
  114.             $iv .= chr(ord($tmp_iv[$c]) ^ ord($this->hash_key[$c]));
  115.         }
  116.         // Use IV as key for decrypting the first block cyphertext
  117.         $key = $iv;
  118.         $c = 0;
  119.        
  120.         // Loop through the whole input string
  121.         while($c < strlen($string)) {
  122.             // If we have used all characters of the current key we switch to a new one
  123.             if(($c != 0) and ($c % $this->hash_length == 0)) {
  124.                 // New key is the hash of current key and last block of plaintext
  125.                 $key = $this->_hash($key . substr($out,$c - $this->hash_length,$this->hash_length));
  126.             }
  127.             // Generate output by xor-ing input and key character for character
  128.             $out .= chr(ord($key[$c % $this->hash_length]) ^ ord($string[$c]));
  129.             $c++;
  130.         }
  131.         return $out;
  132.     }
  133.  
  134.     /**
  135.      * Hashfunction used for encryption
  136.      *
  137.      * This class hashes any given string using the best available hash algorithm.
  138.      * Currently support for md5 and sha1 is provided. In theory even crc32 could be used
  139.      * but I don't recommend this.
  140.      *
  141.      * @access  private
  142.      * @param   string  $string Message to hashed
  143.      * @return string   Hash value of input message
  144.      */
  145.     function _hash($string) {
  146.         // Use sha1() if possible, php versions >= 4.3.0 and 5
  147.         if(function_exists('sha1')) {
  148.             $hash = sha1($string);
  149.         } else {
  150.             // Fall back to md5(), php versions 3, 4, 5
  151.             $hash = md5($string);
  152.         }
  153.         $out ='';
  154.         // Convert hexadecimal hash value to binary string
  155.         for($c=0;$c<strlen($hash);$c+=2) {
  156.             $out .= $this->_hex2chr($hash[$c] . $hash[$c+1]);
  157.         }
  158.         return $out;
  159.     }
  160.    
  161.     /**
  162.      * Generate a random string to initialize encryption
  163.      *
  164.      * This method will return a random binary string IV ( = initialization vector).
  165.      * The randomness of this string is one of the crucial points of this algorithm as it
  166.      * is the basis of encryption. The encrypted IV will be added to the encrypted message
  167.      * to make decryption possible. The transmitted IV will be encoded using the user provided key.
  168.      *
  169.      * @todo    Add more random sources.
  170.      * @access  private
  171.      * @see function    hash_encryption
  172.      * @return string   Binary pseudo random string
  173.      **/
  174.     function _generate_iv() {
  175.         // Initialize pseudo random generator
  176.         srand ((double)microtime()*1000000);
  177.        
  178.         // Collect random data.
  179.         // Add as many "pseudo" random sources as you can find.
  180.         // Possible sources: Memory usage, diskusage, file and directory content...
  181.         $iv  = $this->salt;
  182.         $iv .= rand(0,getrandmax());
  183.         // Changed to serialize as the second parameter to print_r is not available in php prior to version 4.4
  184.         $iv .= serialize($GLOBALS);
  185.         return $this->_hash($iv);
  186.     }
  187.    
  188.     /**
  189.      * Convert hexadecimal value to a binary string
  190.      *
  191.      * This method converts any given hexadecimal number between 00 and ff to the corresponding ASCII char
  192.      *
  193.      * @access  private
  194.      * @param   string  Hexadecimal number between 00 and ff
  195.      * @return  string  Character representation of input value
  196.      **/
  197.     function _hex2chr($num) {
  198.         return chr(hexdec($num));
  199.     }
  200. }
  201. ?>
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
 
Top