
CygnusCrypt – Encryption

This class is now available on PHPClasses.org and GitHub.

View the latest updates here

So I recently wrote a script that will use a basic encryption to encrypt text (located here). I say basic as it uses the Caesar Cipher encryption technique, which is one of the most basic forms of encryption. The Caesar Cipher uses a letter step to encrypt text:

[Image: letterStep]

The above image shows how this method works: each letter is ‘stepped’ to the right, so A becomes B and B becomes C and so on. As you can see, this is, as I said, basic and could be cracked by anyone. In my encryption program I have slightly changed this so the letters are random:

[Image: LetterStep2]

This as you can see makes it a little harder. This is how my encryption program works if you don’t select any other options.


EDIT:


I have now updated the program's letter step function. All characters are located in the same array (capitals, lowercase, numbers and special chars) and are randomly put into the array (for ease: an array is a group of data). It then checks the position of the character and returns the character from that position in a second array of randomly placed characters.

I have also added the option to use base64 encoding as an added form of encryption, again like the Caesar Cipher it can be decoded easily but to novices it will look very confusing and help hide the message that is being encrypted.

Now the script was complete, but then I thought: what use is it to anyone, or to me, if it can be cracked so easily? So I looked at adding an extra form of protection. For this I decided to use a pin number to secure the message. Now when a user enters a pin to encrypt their message, it encrypts it as above using the Caesar Cipher method; once this is done it multiplies the pin the user chose with a secret number and adds this to each side of each character in the message, then it goes on to encode the whole message with base64.

Although I now thought this was complete, it is still crackable: once the base64 encoding has been decoded it would be easy to tell what the message is, as each letter would be separated by the same numbers, so once decoded you’d remove the numbers separating the letters in the message and then go on to decrypt the message.

For another added level of protection I am going to add a patch to how it uses the pin. Once it has applied the numbers either side of each character and been base64 encoded, I will make the program use my version of the Caesar Cipher to encrypt the whole thing again, thus making it even harder to crack, yet I must stress it is still crackable to professionals.

I have noticed an issue with running the encrypted message back through my program: for lack of better words, it makes it ridiculously long. To solve this I have used a smaller secret number. Good job this is just for fun 😛


UPDATE:


It seems there are some issues with using a pin larger than the number 9, why I am unsure.


UPDATE:


I have now changed the way in which the pin is applied. Previously it was inserted either side of each character in the encrypted string; it still is applied in a similar way but is split into multiple chunks to make it harder to decrypt. This has also solved the issue with the size of the pin… somehow :/


UPDATE:


Once again I have revised my program, I have had to make a few changes. First I have removed the ability to encrypt special characters as this was causing some issues, I believe this was down to character encoding. Second the program now checks if a pin has been used, if a pin has been used and not used to decrypt then the program will exit and not display a half decrypted string as it did before.


UPDATE:


I have now changed my program and re-written the code; it is now written as a class with methods that make it easier to use in programs. I have also updated the way in which the pin is used and is checked for to be more cryptic 🙂 At this time I am still finding and working out the bugs. For instance, one I have just solved was the pin check: the way in which I had done it stopped you being able to decrypt something that had been encrypted twice using passwords. This was because I used str_replace to remove the pin check from the encrypted information, and str_replace replaces all occurrences in a string, so now I use

preg_replace($needle, "", $haystack, 1)

and the 1 tells it to only replace the first occurrence.
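The double-wrapping failure described above, reproduced as an added example (not CygnusCrypt code). The marker string, payload and function names are constructed for illustration; the marker deliberately contains regex metacharacters to show why the needle passed to preg_replace has to be a delimited, quoted pattern.

```php
<?php
// Added example: MARKER and the payload are constructed values, and the
// function names are hypothetical, not taken from the CygnusCrypt class.
const MARKER = '[pin+ok]';

// One "encrypt with pin" pass, reduced to the part that matters here:
// prefixing the data with a pin-check marker.
function wrap(string $payload): string
{
    return MARKER . $payload;
}

// Variant 1: str_replace() removes every occurrence of the marker, so the
// marker belonging to the inner layer is stripped together with the outer one.
function unwrapAll(string $data): string
{
    return str_replace(MARKER, '', $data);
}

// Variant 2: preg_replace() with limit 1. The needle must be a delimited
// pattern; preg_quote() escapes metacharacters such as [ ] and +.
function unwrapFirstRegex(string $data): string
{
    $pattern = '/' . preg_quote(MARKER, '/') . '/';
    return preg_replace($pattern, '', $data, 1);
}

// Variant 3: no regex; cut out the first occurrence by position.
function unwrapFirst(string $data): string
{
    $pos = strpos($data, MARKER);
    return $pos === false ? $data : substr_replace($data, '', $pos, strlen(MARKER));
}

$twice = wrap(wrap('secret'));        // two layers, two markers

var_dump(unwrapAll($twice));          // both markers gone: inner check is lost
var_dump(unwrapFirstRegex($twice));   // outer marker gone, inner layer intact
var_dump(unwrapFirst($twice));        // same result without a regex
```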


UPDATE:


Having now changed my program into a class I have been able to successfully use this encryption to pass variables using the GET method on one of my websites, this allows me to send a private/public key using the GET method with better security. This program started as a basic encryption and is rapidly becoming a complex encryption. I plan to make the pin method more effective by using that to determine the character step I explained at the beginning of this post. Once I make the pin improvements I will look at releasing the source code though I would like to make this the best I can before I release it as I am now using it on some of my sites, and well I don’t want to lessen my security 😛


UPDATE:


I have now started work on using the pin encryption to determine the character step. It now takes the pin and multiplies it by a secret pin; this is then rounded off to a whole number and divided until it reaches a number that is less than or equal to the total number of characters it can encrypt. Once it is less than or equal to the number of characters it can encrypt, it uses that as the step position. The string is then encrypted using the step position and the pin is then added to a random position in the string (string being the data to encrypt). This is then encrypted using the Caesar Cipher method, then the program adds a string of characters to a random position and encrypts it using the Caesar Cipher again. This makes the encryption much harder to crack as the pin determines the encryption; without the pin you would have great difficulty decrypting the information. I’m not saying it couldn’t be done, but it would be hard and novices wouldn’t stand a chance. Because of the way this works, and now being a class, if used on a website you could create a pin that changes on a daily/hourly basis and use that to encrypt a link that your website would only be able to decrypt for a period of time; this would be useful for one-off downloads or limited times only. However, because of these improvements a pin is now required.


UPDATE:


Once again I have updated my program, now at v 2.1. I have added the ability to encrypt all ASCII characters and added an option to the class which will allow the user to view the encrypted/decrypted text using HTML Entities; this stops issues with displaying some of the characters on a website. I still have a bug with the pin, in that if you get the pin wrong it displays the encrypted text, albeit incorrectly. When the pin is entered correctly it decrypts and displays the information as it should. Ideally it should exit with an error when the pin is incorrect rather than display the encrypted text. I believe the issue may be with the

if(preg_match($this->encrypt, "pin")){

statement. I will continue to look into this and when this is solved I will look at getting the code on GitHub or PHPClasses for others to use.


UPDATE:


I have now added yet a further form of encryption to my program, now when the class is called it splits the string into multiple strings (in an array) and encrypts them using the Caesar Cipher method and finally joining it back into a string to be passed through the rest of the class.


UPDATE:


So it turns out I was just being a little stupid when it came to the pin issue. The issue was that I changed the encryption function/method to encrypt the data using the pin, however when the pin is incorrect the method has no way of knowing that it is incorrect so just continued as usual. I have now rectified this and the program will now exit if the pin is incorrect.
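The wrong-pin problem above (decryption carrying on because it cannot tell the pin is wrong) is what authenticated encryption solves. The following is an added example, not the CygnusCrypt implementation: it uses PHP's OpenSSL extension with AES-256-GCM and a PBKDF2-derived key, and sealWithPin/openWithPin and the sample values are hypothetical names chosen here.

```php
<?php
// Added example, not CygnusCrypt code; function names are hypothetical.
// A short numeric pin stays guessable: PBKDF2 only slows each guess down.

function sealWithPin(string $plaintext, string $pin): string
{
    $salt = random_bytes(16);
    $iv   = random_bytes(12); // 96-bit nonce, fresh for every message
    $key  = hash_pbkdf2('sha256', $pin, $salt, 600000, 32, true);
    $tag  = '';
    $ct   = openssl_encrypt($plaintext, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $iv, $tag);
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    // Base64 here is transport encoding only; urlencode() it for a GET link.
    return base64_encode($salt . $iv . $tag . $ct);
}

function openWithPin(string $token, string $pin): string
{
    $raw = base64_decode($token, true);
    if ($raw === false || strlen($raw) < 44) { // 16 salt + 12 nonce + 16 tag
        throw new InvalidArgumentException('malformed token');
    }
    $salt = substr($raw, 0, 16);
    $iv   = substr($raw, 16, 12);
    $tag  = substr($raw, 28, 16);
    $ct   = substr($raw, 44);
    $key  = hash_pbkdf2('sha256', $pin, $salt, 600000, 32, true);

    // GCM verifies the tag before releasing any plaintext, so a wrong pin
    // (wrong key) or a modified token yields false, never garbled output.
    $pt = openssl_decrypt($ct, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $iv, $tag);
    if ($pt === false) {
        throw new RuntimeException('wrong pin or tampered data');
    }
    return $pt;
}

// Constructed sample values.
$token = sealWithPin('file=report.pdf', '4821');
echo openWithPin($token, '4821'), PHP_EOL;
try {
    openWithPin($token, '0000');
} catch (RuntimeException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```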


UPDATE:


I have now released the source code for this class on my GitHub page and soon hope to have it approved on PHPClasses.org. Any suggestions for improvements, whether that be added layers of encryption or ways to streamline my code, I would appreciate it.


Latest UPDATE:


This encryption has evolved massively since version 1. Version 1 was a very simple letter step that a novice could probably solve, however it is now a complex letter scramble algorithm. Since the last update a few changes have been made.
It now has the ability to allow the user of the script to set three different secrets and one private key or pin. The new usage has been updated in the ReadMe and example.php. Also the public variable “encrypt” has been changed to “output” as this is used for both encryptions and decryptions.


Planned Updates:


  • Add _mcrypt functionality
  • Add File encryption abilities
  • Add the ability to create secrets based on website details if no secrets are specified by the user.

CygnusH33L
