Re: CCProtect (encrypt and decrypt cc's)
I've not looked into the code too much, but keep in mind there is no way to be 100% secure. As long as there is a way for you to get the original data, so can others.
That video I sent you: it's really hard to get the prime numbers that created the results. The more bits, the bigger the number and the harder it is to break the number up. Not even the NSA can decode the encryption, but sure, there are other ways around getting information. Helps when companies also openly give them the data in plain text so they don't need to decrypt too much.
Quantum computers are around the corner that would try every single possibility at the same time. There is some way to keep data safe with quantum computers where the laws of physics guarantee you safety (apparently, anyway).
Re: CCProtect (encrypt and decrypt cc's)
Hey, don't even post here if you can't handle some constructive criticism. I'm completely right no matter how you look at it. Maybe you don't understand and that's cool, but no need to de-rep me for trying to explain your crappy way of encryption to you.
Look, if I put in my cc # 2 times I'm going to get 2 different results. Why? Because you randomize your string every time, making this useless.
Re: CCProtect (encrypt and decrypt cc's)
Quote:
Originally Posted by
JaydenC
Hey, don't even post here if you can't handle some constructive criticism. I'm completely right no matter how you look at it. Maybe you don't understand and that's cool, but no need to de-rep me for trying to explain your crappy way of encryption to you.
Look, if I put in my cc # 2 times I'm going to get 2 different results. Why? Because you randomize your string every time, making this useless.
What are you talking about? Randomize what string? I'm really getting tired of your bullshit criticism because you clearly know nothing about what you're saying.
Re: CCProtect (encrypt and decrypt cc's)
Quote:
Originally Posted by
Zensai
What are you talking about? Randomize what string? I'm really getting tired of your bullshit criticism because you clearly know nothing about what you're saying.
Did you even code this? String = encrypted credit card number. It will be different every time you enter it. If you used any of PHP's encryption methods with a credit card number it will always be the same.
Re: CCProtect (encrypt and decrypt cc's)
Quote:
Originally Posted by
JaydenC
Did you even code this? String = encrypted credit card number. It will be different every time you enter it. If you used any of PHP's encryption methods with a credit card number it will always be the same.
Sorry to interrupt, but what are you talking about?
Your logic sucks, sure you have parts right.
When you take the MD5 function with the CC number it will always be the same hash and you can't retrieve the data from it. Adding a random string to the CC number without storing it somewhere else makes it impossible to check if it's the same.
Using the crypt function, it generates another hash every time and you can't retrieve the data from it. And the nice part is, you can still check if it's the same; of course only the user knows the original value.
Example can be found: *** removed *** play around with that.
Unlike everything I've typed above, this is not a HASH class. Hash is mostly used to store user passwords because you can't decrypt it. With this class you CAN decrypt a value encrypted by this class.
But let me guess, you thought you checked the encoded strings with each other and yes, that's not possible. You have to decrypt the encoded strings before you compare them. Makes sense, right?
Re: CCProtect (encrypt and decrypt cc's)
Quote:
Originally Posted by
Joopie
Sorry to interrupt, but what are you talking about?
Your logic sucks, sure you have parts right.
When you take the MD5 function with the CC number it will always be the same hash and you can't retrieve the data from it. Adding a random string to the CC number without storing it somewhere else makes it impossible to check if it's the same.
Using the crypt function, it generates another hash every time and you can't retrieve the data from it. And the nice part is, you can still check if it's the same; of course only the user knows the original value.
Example can be found: PHP CRYPT play around with that.
Unlike everything I've typed above, this is not a HASH class. Hash is mostly used to store user passwords because you can't decrypt it. With this class you CAN decrypt a value encrypted by this class.
But let me guess, you thought you checked the encoded strings with each other and yes, that's not possible. You have to decrypt the encoded strings before you compare them. Makes sense, right?
You're right, but this function will still randomize every time, no matter how you look at it. That's all I was trying to say.
Re: CCProtect (encrypt and decrypt cc's)
Quote:
Originally Posted by
JaydenC
You're right, but this function will still randomize every time, no matter how you look at it. That's all I was trying to say.
It randomizes every time because the password changes every time /facepalm
Re: CCProtect (encrypt and decrypt cc's)
Quote:
Originally Posted by
Zensai
It randomizes every time because the password changes every time /facepalm
I understand that... but if you put in the same credit card number twice you will get 2 different outcomes. That's all I'm saying.
Re: CCProtect (encrypt and decrypt cc's)
Quote:
Originally Posted by
JaydenC
I understand that... but if you put in the same credit card number twice you will get 2 different outcomes. That's all I'm saying.
As Joopie said, what is the problem?
You make no sense at all.
Re: CCProtect (encrypt and decrypt cc's)
The point JaydenC means is the following:
Let's say person one stores his/her cc in your db via the encryption above. He/she pays for a product on your page with his/her cc, for example.
Now the only reason to keep this data that cannot be decrypted to its original data (due to the random string) is to compare it with other credit cards only. But even that will not work, because user2 puts the same cc in your db but the output is completely different. Instead of a random string you should store a fixed string anywhere, otherwise it's not possible to use the stored cc data for any use.
That's his point.
Also the fact this:
PHP Code:
$protection = new CCProtect;
$cc = array(
    'firstname' => 'Krista',
    'lastname' => 'Sheppard',
    'dob' => 'August 11, 1932',
    'cardnumber' => '4916 5210 7061 9044',
    'cvv2' => '769',
    'expire' => array(
        'month' => '6',
        'year' => '2015',
    ),
);
$cc2 = $protection->decrypt($protection->encrypt($cc), 75);
... does not work ($cc is not the same as $cc2) makes it an encryption without decryption only.
Then it's easier to put everything as salted string into md5.
Re: CCProtect (encrypt and decrypt cc's)
Quote:
Originally Posted by
שเ๒єtгเ๒є
The point JaydenC means is the following:
Let's say person one stores his/her cc in your db via the encryption above. He/she pays for a product on your page with his/her cc, for example.
Now the only reason to keep this data that cannot be decrypted to its original data (due to the random string) is to compare it with other credit cards only. But even that will not work, because user2 puts the same cc in your db but the output is completely different. Instead of a random string you should store a fixed string anywhere, otherwise it's not possible to use the stored cc data for any use.
That's his point.
So ...
PHP Code:
$protection = new CCProtect;
$cc = array(
    'firstname' => 'Krista',
    'lastname' => 'Sheppard',
    'dob' => 'August 11, 1932',
    'cardnumber' => '4916 5210 7061 9044',
    'cvv2' => '769',
    'expire' => array(
        'month' => '6',
        'year' => '2015',
    ),
);
$cc2 = $protection->decrypt($protection->encrypt($cc), 75);
So $cc will not equal to $cc2, so it's unable to decrypt cc's. ...
No, this is a two way encryption. The encryption password is stored in the final big int string. The decryption function will get the password, decode the string and then figure out what field the encrypted cc is stored in. When that is found it will decrypt the message with the random password generated (that's stored in the final big int) and return that.
It doesn't matter how long the message you want encrypted is, what it is or what kind of characters it contains.
I don't know where you guys get this "random string" thing from either.
Since it's really hard for you guys to understand, an example is coming up.
Re: CCProtect (encrypt and decrypt cc's)
Quote:
Originally Posted by
שเ๒єtгเ๒є
*Some weird shit...*
If you're right, then my apache server lies to me...
*** removed ***
Re: CCProtect (encrypt and decrypt cc's)
Here's a live demo:
http://goo.gl/T4Tb5L
Script:
PHP Code:
<?php
class CCProtect {
    // Encode each byte as a zero-padded 3-digit decimal number.
    private function pekkaEncode($s) {
        $out = '';
        for ($i = 0; $i < strlen($s); $i++) {
            $out .= sprintf("%03d", ord($s[$i]));
        }
        return $out;
    }

    // Reverse of pekkaEncode: every 3 digits become one byte again.
    private function pekkaDecode($s) {
        $out = '';
        for ($i = 0; $i < strlen($s); $i += 3) {
            $out .= chr($s[$i].$s[$i+1].$s[$i+2]);
        }
        return $out;
    }

    // Filler text for the decoy fields. rand() is not a cryptographic RNG.
    private function generateRandomString($length = 10) {
        $characters = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
        $randomString = '';
        for ($i = 0; $i < $length; $i++) {
            $randomString .= $characters[rand(0, strlen($characters) - 1)];
        }
        return $randomString;
    }

    // Rijndael-256 in ECB mode through the mcrypt extension (deprecated in
    // PHP 7.1, removed in 7.2). ECB ignores the IV argument.
    private function mCrypt($text, $salt) {
        return trim(base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, md5($salt), $text, MCRYPT_MODE_ECB, mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB), MCRYPT_RAND))));
    }

    private function mDecrypt($text, $salt) {
        return trim(mcrypt_decrypt(MCRYPT_RIJNDAEL_256, md5($salt), base64_decode($text), MCRYPT_MODE_ECB, mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB), MCRYPT_RAND)));
    }

    public function encrypt($content) {
        // Slots 0-9: random 4-digit numbers, 10-14: random digits,
        // 15-25: filled in below.
        $response = array(
            0 => rand(1000, 9999),
            1 => rand(1000, 9999),
            2 => rand(1000, 9999),
            3 => rand(1000, 9999),
            4 => rand(1000, 9999),
            5 => rand(1000, 9999),
            6 => rand(1000, 9999),
            7 => rand(1000, 9999),
            8 => rand(1000, 9999),
            9 => rand(1000, 9999),
            10 => rand(0, 9),
            11 => rand(0, 9),
            12 => rand(0, 9),
            13 => rand(0, 9),
            14 => rand(5, 9),
            15 => '',
            16 => '',
            17 => '',
            18 => '',
            19 => '',
            20 => '',
            21 => '',
            22 => '',
            23 => '',
            24 => '',
            25 => '',
        );
        // The password is four of the 4-digit numbers concatenated (16 digits).
        $rand = rand(10, 14);
        $combination = str_split($response[$response[$rand]], 1);
        $password = $response[$combination[0]] . $response[$combination[1]] . $response[$combination[2]] . $response[$combination[3]];
        if (is_array($content)) {
            $content = json_encode($content);
        }
        $content_length = strlen($content);
        $content_field = rand(20, 25);
        $store_content_field = 10 + $response[14];
        // Slots 15-19: one holds the index of the real content slot, the rest are decoys.
        for ($i = 15; $i <= 19; $i++) {
            if ($i == $store_content_field) {
                $response[$i] = $this->mCrypt($content_field, $password);
            } else {
                $response[$i] = $this->mCrypt(rand(10, 99), $password);
            }
        }
        // Slots 20-25: one holds the encrypted content, the rest are decoys.
        for ($i = 20; $i <= 25; $i++) {
            if ($i == $content_field) {
                $response[$i] = $this->mCrypt($content, $password);
            } else {
                $response[$i] = $this->mCrypt($this->generateRandomString($content_length), $password);
            }
        }
        $json = json_encode($response);
        // The 16-digit password is prepended to the output in the clear.
        $string = $password . $this->pekkaEncode(str_rot13(convert_uuencode($json)));
        $string = str_split($string, 4);
        $string = implode(' ', $string);
        return trim($string);
    }

    public function decrypt($string) {
        $string = str_replace(' ', '', $string);
        // The first 16 digits of the stored string are the password.
        $password = substr($string, 0, 16);
        $decoded = json_decode(convert_uudecode(str_rot13($this->pekkaDecode(substr($string, 16)))));
        return trim($this->mDecrypt($decoded[$this->mDecrypt($decoded[10 + $decoded[14]], $password)], $password));
    }
}

$protection = new CCProtect;
$cc = array(
    'firstname' => 'Krista',
    'lastname' => 'Sheppard',
    'dob' => 'August 11, 1932',
    'cardnumber' => '4916 5210 7061 9044',
    'cvv2' => '769',
    'expire' => array(
        'month' => '6',
        'year' => '2015',
    ),
);
?>
<html>
<head>
</head>
<body>
<h1>CCProtect example</h1>
<?php
$action = (isset($_GET['action'])) ? $_GET['action'] : 'encrypt';
switch ($action) {
    case 'decrypt':
        echo '
        <form action="?action=showdecrypt" method="POST">
        Enter your encrypted message:<br />
        <textarea style="height: 680px; width: 660px" name="message"></textarea><br>
        <input type="submit" value="Decrypt!">
        </form>
        ';
        break;
    case 'showdecrypt':
        if (!isset($_POST['message'])) {
            // header() only redirects here if output buffering is on,
            // because the HTML above has already been sent.
            header("Location: ?action=error");
            exit;
        }
        $message = $_POST['message'];
        // Escape the decrypted text so it cannot break out of the textarea.
        echo '
        Here is the decrypted result of your message:<br />
        <textarea style="height: 680px; width: 660px">' . htmlspecialchars($protection->decrypt($message), ENT_QUOTES, 'UTF-8') . '</textarea><br>
        <a href="?action=encrypt">Encrypt another message</a>
        ';
        break;
    case 'showencrypt':
        if (!isset($_POST['message'])) {
            header("Location: ?action=error");
            exit;
        }
        $message = $_POST['message'];
        echo '
        Here is your message encrypted!<br />
        <textarea style="height: 680px; width: 660px">' . $protection->encrypt($message) . '</textarea><br>
        <a href="?action=decrypt">Decrypt this message</a> (copy & paste) - <a href="?action=encrypt">Encrypt another message</a>
        ';
        break;
    case 'encrypt':
        echo '
        <form action="?action=showencrypt" method="POST">
        Encrypt a message:<br />
        <textarea style="height: 680px; width: 660px" name="message"></textarea><br>
        <input type="submit" value="Encrypt!">
        </form>
        ';
        break;
    case 'error':
        echo 'Something went wrong when trying to complete your action. Please try again.<br><a href="?action=encrypt">Go back</a>';
        break;
    default:
        echo '';
}
?>
</body>
</html>
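
An added example, not part of the thread and not CCProtect's code, for the two points argued above: output that differs on every call versus the need to compare cards, and where the key lives. It assumes PHP 7.1+ with the OpenSSL extension; `CardVault` and its two keys are hypothetical, and the keys are meant to come from configuration or a key store outside the database instead of travelling inside the stored string.

```php
<?php
// Added example: CardVault and its two keys are hypothetical names.
final class CardVault {
    private $encKey;
    private $indexKey;
    public function __construct(string $encKey, string $indexKey) {
        // OpenSSL silently pads or truncates wrong-sized keys, so check here.
        if (strlen($encKey) !== 32 || strlen($indexKey) !== 32) {
            throw new InvalidArgumentException('both keys must be 32 bytes');
        }
        $this->encKey = $encKey;
        $this->indexKey = $indexKey;
    }
    // Randomized AES-256-GCM: a fresh nonce makes every output differ.
    // Record layout: nonce (12 bytes) || tag (16 bytes) || ciphertext.
    public function seal(string $card): string {
        $nonce = random_bytes(12);
        $ct = openssl_encrypt($card, 'aes-256-gcm', $this->encKey, OPENSSL_RAW_DATA, $nonce, $tag);
        if ($ct === false) {
            throw new RuntimeException('encryption failed');
        }
        return base64_encode($nonce . $tag . $ct);
    }

    // Returns the plaintext, or throws if the record was altered or the key is wrong.
    public function open(string $blob): string {
        $raw = base64_decode($blob, true);
        if ($raw === false || strlen($raw) <= 28) {
            throw new RuntimeException('malformed record');
        }
        $pt = openssl_decrypt(substr($raw, 28), 'aes-256-gcm', $this->encKey,
            OPENSSL_RAW_DATA, substr($raw, 0, 12), substr($raw, 12, 16));
        if ($pt === false) {
            throw new RuntimeException('authentication failed');
        }
        return $pt;
    }

    // Keyed, deterministic index: equal card numbers match without decrypting.
    public function index(string $card): string {
        return hash_hmac('sha256', (string) preg_replace('/\D/', '', $card), $this->indexKey);
    }
}

// Constructed demo; keys are generated inline only so the script runs stand-alone.
$vault = new CardVault(random_bytes(32), random_bytes(32));
$a = $vault->seal('4916 5210 7061 9044'); // test number used in the thread
$b = $vault->seal('4916 5210 7061 9044');
var_dump($a !== $b, $vault->open($a) === $vault->open($b));
var_dump(hash_equals($vault->index('4916 5210 7061 9044'), $vault->index('4916521070619044')));
```

Store the `seal()` output and the `index()` output in separate columns: duplicates are found by comparing the index, and the sealed value is opened only when the full number is needed.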
Re: CCProtect (encrypt and decrypt cc's)
Quote:
Originally Posted by
Joopie
*Some weird shit...*
Do not quote me instead!
---
Quote:
Originally Posted by
Zensai
No, this is a two way encryption. The encryption password is stored in the final big int string. The decryption function will get the password, decode the string and then figure out what field the encrypted cc is stored in. When that is found it will decrypt the message with the random password generated (that's stored in the final big int) and return that.
I explained JaydenC's point of view. Thanks for pointing this out, because I did not follow the code line by line to test the algorithm as well as I do not own an apache to test it here.
Quote:
Originally Posted by
Zensai
I don't know where you guys get this "random string" thing from either.
Maybe because of the private function called generateRandomString that is only called within the function encrypt?
Anyway, cheers.