function urllogin_encrypt in urllogin 6
Same name and namespace in other branches
- 8 urllogin_security.inc \urllogin_encrypt()
- 7 urllogin_security.inc \urllogin_encrypt()
- 2.x urllogin_security.inc \urllogin_encrypt()
Encrypts a pair of integers
The encryption uses a "butterfly" technique similar to the DES's Feistel scheme. See for more details of the DES Instead of the Feistel function, sha256 is used. (This is probably way overkill but it is easy to code.) Another encryption algorithm can be plugged in here if desired.
Parameters
$i: First Integer, passed by reference
$j: Second Integer, passed by reference
$x: Extra byte, passed by reference
$passkey: String containing encryption key phrase
Nothin is returned.
1 call to urllogin_encrypt()
- urllogin_encode in ./
urllogin_security.inc - Encodes a user ID into an encoded url string.
File
- ./
urllogin_security.inc, line 50 - Include file for urllogin security functions. This module is designed for easy drop-in replacement where an alternative encryption model is required.
Code
function urllogin_encrypt(&$i, &$j, &$x, $passkey) {
$k = hash('sha256', $passkey, TRUE);
// sha256 produces 32 bytes, so could do 16 interations
for ($iter = 0; $iter < 8; $iter++) {
$tmp = $i;
$i = $j ^ _urllogin_inthash($i) ^ (ord($k[$iter * 2]) << 8 | ord($k[$iter * 2 + 1]));
$j = $tmp;
}
$x = ($i ^ $j ^ ord($k[16])) & 0xff;
// extra byte for added security
}