[Typo3-dev] OT: Encryption
Stephane
stephane.schitter at free.fr
Mon Apr 5 16:55:12 CEST 2004
Why not implement some algorithm proven to be effective for simple needs, such
as TEA: http://www.simonshepherd.supanet.com/tea.htm
The key would however need to always be 128 bits (i.e. 16 characters), even if
you can find ways to use smaller keys (padding) or larger (repeating algorithm
with additional blocks like with 3-DES).
Regards,
Stephane
Quoting "Martin T. Kutschker" <Martin.T.Kutschker at blackbox.net>:
> Kasper Skårhøj wrote:
> >
> > Question: If you do NOT know the value of
> > $this->TYPO3_CONF_VARS['SYS']['encryptionKey'] how can you decrypt the
> > scrambled output? Of course if
> > $this->TYPO3_CONF_VARS['SYS']['encryptionKey'] is short enough it could
> > be guessed but imagine you take the bible as the encryption key string
> > then you would have to use the exact character sequence of the whole
> > bible to decode the string again.
>
> I guess it's safe enough for the purpose but I'm no crypto expert either.
>
> > (The function roundTripCryptString() is new in TYPO3 tslib_fe class and
> > is used to encrypt the email address in mail forms so spammers do not
> > get a hold of it)
>
> You still might want to add a MD5 or SHA-1 hash of the encrypted (and
> other) passed arguments. Though even if the key was broken you'd detect
> a tampering with the args. Of course you MUST use a salt different from
> the encryption key.
>
> Masi
>
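
The integrity check suggested in the quoted reply (a hash over the encrypted value and the other passed arguments, keyed separately from the encryption key), as an added example that is not part of the thread and not TYPO3 code. It uses HMAC-SHA-256 in place of a salted MD5 or SHA-1, and every function name, argument name and value in it is constructed for illustration.

```php
<?php
// Added example: keyed integrity tag over form arguments.
// Assumption: the MAC key is its own random secret, never the encryption key.

// Encode the arguments unambiguously before hashing.
function canonicalize(array $args): string
{
    ksort($args, SORT_STRING); // make the tag independent of argument order
    $out = '';
    foreach ($args as $name => $value) {
        $name  = (string) $name;
        $value = (string) $value;
        // Length-prefix every field so bytes cannot be shifted between
        // neighbouring fields without changing the encoding.
        $out .= pack('N', strlen($name)) . $name
              . pack('N', strlen($value)) . $value;
    }
    return $out;
}

// Tag sent along with the arguments (e.g. in a hidden form field).
function signArgs(array $args, string $macKey): string
{
    return hash_hmac('sha256', canonicalize($args), $macKey);
}

// Recompute the tag on the server; hash_equals() compares in constant time.
function verifyArgs(array $args, string $tag, string $macKey): bool
{
    return hash_equals(signArgs($args, $macKey), $tag);
}

// --- Demo with constructed values ---
$macKey = random_bytes(32); // in practice: stored server-side configuration

$args = [
    'recipient' => 'PLACEHOLDER-ENCRYPTED-ADDRESS', // output of the cipher
    'subject'   => 'Contact form',
    'redirect'  => '/thanks.html',
];
$tag = signArgs($args, $macKey);

// Arguments exactly as issued by the server.
var_dump(verifyArgs($args, $tag, $macKey));

// One argument changed in transit.
$tampered = $args;
$tampered['redirect'] = 'https://example.invalid/';
var_dump(verifyArgs($tampered, $tag, $macKey));
```

Because the tag covers the ciphertext and the plain arguments together, a value copied from one form cannot be combined with arguments from another without failing verification.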