Is this a secure xor based encryption feature?

What I tried to do here is to create a function that will encrypt the same input into a completely different output each time it is called. The basis of this function is xor, but to prevent easy detection of duplicate patterns in a string, I added random hashing based on time and part of the string to self-determine on decryption.

All I ask is if I made some mistakes here that could show the hidden text to an experienced person without making brute force on the line. (I know that php has a module only for encryption, but this is a poor man's version if the encryption module is not available.) Second: I do not ask you to rewrite these functions or write something for me. I ask you to forgive the guide, which I did wrong. I know that one of the possible security breaches is that I use salsa by default, these are all zeros for an empty string, but the advantage is that it is the longest hash available in php, and secondly, what kind of fool will use blank password to protect your data?

function crapt($str,$pass,$hmac = false,$meth = 'salsa20') {
   $hash = pack('H*',($hmac===false) ? hash($meth,$pass) : hash_hmac($meth,$pass,$hmac));
   $str = gzdeflate($str,9);
   $tmphash = pack('H*',sha1(sin(microtime(1))));
   $str = $tmphash.((string)$str ^ (string)str_repeat($tmphash,strlen($str)/strlen($tmphash)+1));
   $str .= pack('H*',sha1($str));
   return (string)$str ^ (string)str_repeat($hash,strlen($str)/strlen($hash)+1);
}

function decrapt($str,$pass,$hmac = false,$meth = 'salsa20') {
  $hash = pack('H*',($hmac===false) ? hash($meth,$pass) : hash_hmac($meth,$pass,$hmac));
  $str = (string)$str ^ (string)str_repeat($hash,strlen($str)/strlen($hash)+1);
  $check = substr($str,-20);
  $str = substr($str,0,strlen($str)-20);
  if(pack('H*',sha1($str))!==$check) return false;
  $tmphash = substr($str,0,20);
  $str = substr($str,20);
  return gzinflate((string)$str ^ (string)str_repeat($tmphash,strlen($str)/strlen($tmphash)+1));
}

var_dump(decrapt(crapt('sometext','secretpassword'),'secretpassword'));
+3
3

strlen($hash)==strlen($tmphash). : , . .

($tmphash XOR $hash). (a_block_of_plaintext XOR $tmphash XOR $hash).

- . , . .

PHP, , , - , .

. , .

EDIT: , , $hash $tmphash . $hash - 512 , $tmphash - 160 . ; 512 160 2560, 2560 . 160 2560- .

+7
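The relation the answer above points at (a first block of `$tmphash XOR $hash`, followed by plaintext blocks XORed with both values) can be checked directly. This is an added example, not code from the question or the answers: a Python port of the layering in `crapt()`, with a random 64-byte key standing in for `hash($meth,$pass)`, a caller-supplied 20-byte value standing in for `$tmphash`, and hypothetical function names. It shows that the random prefix cancels out of the body without any secret, so equal messages remain recognisable, and that the combined keystream repeats every 2560 bits.

```python
import hashlib
import os
import zlib
from math import gcd

KEY_LEN, NONCE_LEN, SHA1_LEN = 64, 20, 20   # bytes: 512-bit $hash, 160-bit $tmphash

def xor_repeat(data, key):
    """XOR data with key repeated to length (PHP's str_repeat + ^ idiom)."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))

def crapt_layers(plain, key, nonce):
    """Port of crapt()'s layering; key and nonce are supplied by the caller."""
    deflater = zlib.compressobj(9, zlib.DEFLATED, -15)   # raw deflate, like gzdeflate
    body = deflater.compress(plain) + deflater.flush()
    inner = nonce + xor_repeat(body, nonce)              # $tmphash . ($str ^ $tmphash...)
    inner += hashlib.sha1(inner).digest()                # unkeyed SHA-1 trailer
    return xor_repeat(inner, key)                        # outer XOR with $hash

def strip_nonce(ct):
    """XOR the body with the first 20 ciphertext bytes; uses no secret.

    The header is nonce ^ key[0:20], so the nonce cancels and what is left
    is deflate(plain) XOR a stream that depends on the key alone.
    """
    header, body = ct[:NONCE_LEN], ct[NONCE_LEN:-SHA1_LEN]
    return xor_repeat(body, header)

def keystream_period_bits():
    """Period of key (64 bytes) XOR nonce (20 bytes), both repeating: their LCM."""
    return KEY_LEN * NONCE_LEN // gcd(KEY_LEN, NONCE_LEN) * 8

def demo():
    key = os.urandom(KEY_LEN)      # constructed stand-in for hash($meth, $pass)
    msg = b"sometext" * 40         # constructed sample message
    ct1 = crapt_layers(msg, key, os.urandom(NONCE_LEN))
    ct2 = crapt_layers(msg, key, os.urandom(NONCE_LEN))
    # Ciphertexts differ, yet the nonce-stripped bodies are identical.
    return ct1 != ct2, strip_nonce(ct1) == strip_nonce(ct2)

if __name__ == "__main__":
    print(demo(), keystream_period_bits())
```

A per-message random value only helps when it is mixed into the keystream through a keyed function, which is what an authenticated cipher from a maintained library does with its nonce.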

, , , - , Stack Overflow, , , - . , : , , . , , TEA - , .

+13

php , , . , .

:

 $tmphash = pack('H*',sha1(sin(microtime(1))));

, . , PHP , , , , .

php sha1 40- , WEP. , , WEP 3 . , , - . 16 ^ 40 .

, , , - , , , . microtime() php , 16 ^ 40 ( php ofsha1?) , , . , , (, ) , - .

" - ", , , , ( ). , , .

. . , , - , .

-Brian J. Stinar -

+3

Source: https://habr.com/ru/post/1781925/
