Secure encryption for short strings in PHP and Java

Question

Secure encryption for short strings in PHP and Java

here is my first question:

I want a PHP script to include an encrypted user id on every page. Then I will read it using JS and send it to the Java server, where I decode the value.

I want to make it safe so that people cannot fake their identifiers. (Do not worry, this will not be used for authentication.)

Encrypted identifiers can be columns with the automatic addition of MySQL 1,2,3 .. and I am not able to change this.

These properties would be good:

Encrypted identifiers should only be valid during the day, ideal for single use / second
Encrypted identifiers should not be easily tampered with (ideally even by the users themselves).

Feel free to suggest other types of solutions. Thank!

+3

java php encryption

hakunin Jan 11 '11 at 9:01

source share

4 answers

- , , , . , , .

+1

jerluc 11 . '11 9:22

, , . , IMEI ( ) - http://en.wikipedia.org/wiki/Luhn_algorithm

0

Matt Asbury 11 . '11 9:08

-, JavaScript, , .

PHP: PHP JavaScript ( AJAX.)

, :

encrypt.php

<?php 
    $password = "KEYVALUE"; 
    $secret_text = "USERID HERE"
    $encrypted_text = mcrypt_ecb(MCRYPT_DES, $password, $secret_text, MCRYPT_ENCRYPT); 
    echo $encrypted_text;
?>

Then you have something called decrypt.php and all that is is to accept the GET argument, and ONLY the output is the decrypted text (HTML code or something else. Technically, you should probably use XML for AJAX, only one value ...)

decrypt.php

<?php 
    $password = "KEYVALUE"; 
    $decrypted_text = mcrypt_ecb(MCRYPT_DES, $password, $_GET['decrypt'], MCRYPT_DECRYPT); 
    echo $decrypted_text;
?>

You can check it by calling

decrypt.php? Decrypt = encrypted_string

.

From here, I would call the "decrypt.php? Decrypt = encrypted_string" script from JavaScript, and JavaScript can then read the decrypted value.

A brief introduction to AJAX can be found here: http://www.yourhtmlsource.com/javascript/ajax.html .

0

joshhendo Jan 11 '11 at 9:14

source share

templatetypedef · Accepted Answer · 2011-01-11T09:12:16+0000

Using a safe hash function for a hash may be a good idea to combine a user ID and some value that changes periodically. For example, you can select a 128-bit random number every day, and then set the ID for the hash of this value, combined with the user ID. Assuming you're using a good hash like SHA-256, this is cryptographically secure.

Secure encryption for short strings in PHP and Java

More articles: