4  

I highly recommend the suggestions of Chris Kite. Without knowing more about what you're doing, why, and the threats you anticipate needing to protect against AES-128 is likely sufficient. The ability to use symmetric encryption is great for a standalone app that will be both the decryptor and encryptor of data. As both Chris Kite and Arachnid said, due to the small size of your data it's advised that you pad the data and use a random Initialization Vector.

我强烈推荐Chris Kite的建议。如果不了解您正在做什么,为什么以及您预计需要针对AES-128进行保护的威胁可能就足够了。对于既是解密器又是数据加密器的独立应用程序,使用对称加密的能力非常好。正如Chris Kite和Arachnid所说,由于数据量很小,建议您填充数据并使用随机初始化向量。

Update: As for why.... if the data is small enough, and the IV can be predicted, it's possible to brute force the plain-text by generating cipher-text for every combination of plain-text with the known IV and matching it up to the captured cipher-text. In short, this is how rainbow tables work.

更新:至于为什么....如果数据足够小,并且可以预测IV,则可以通过为已知IV和匹配的纯文本的每个组合生成密文来强制纯文本它取决于捕获的密文。简而言之,这就是彩虹表的工作原理。

Now if you're going to encrypt on one server and decrypt on another I'd go with the suggestions of pdavis. By using an asymmetric method you're able to separate the encryption keys from the decryption keys. This way if the server that encrypts data is compromised, the attacker is still unable to decrypt the data.

现在,如果您要在一台服务器上加密并在另一台服务器上解密,我会继续使用pdavis的建议。通过使用非对称方法,您可以将加密密钥与解密密钥分开。这样,如果加密数据的服务器遭到破坏,攻击者仍然无法解密数据。

If you're able to, it'd help the community to know more about your use case for the encryption. As I mentioned above, having a proper understanding of plausible threats is key when evaluating security controls.

如果您能够,它将帮助社区更多地了解您的加密用例。如上所述,在评估安全控制时,正确理解合理的威胁是关键。

6  

I like to use GnuPG for anything that needs to be encrypted on a server and then possibly decrypted either on the server or on another server (which is usually my case). This allows for an extra level of security since in my scenario the encrypting server doesn't have the key to decrypt the data. It also allows for easier manual decryption. There are a few good wrappers available for various languages (another advantage), one for PHP is GnuPGP PHP Class.

我喜欢将GnuPG用于需要在服务器上加密然后在服务器或其他服务器上解密的任何东西(通常是我的情况)。这允许额外的安全级别,因为在我的场景中,加密服务器没有解密数据的密钥。它还允许更容易的手动解密。有一些好的包装器可用于各种语言(另一个优点),一个用于PHP的是GnuPGP PHP Class。

6  

mcrypt is linked into most builds of PHP by default. It contains all the primitives you're likely to need. Without knowing more about what you're encrypting, what your threat model is, etc, it's hard to give concrete recommendations on what algorithm, mode of operation, etc to use.

默认情况下,mcrypt链接到PHP的大多数版本中。它包含您可能需要的所有原语。如果不了解您正在加密的内容,您的威胁模型等等,很难就使用何种算法,操作模式等提出具体建议。

One thing I can say for certain: With short text strings, it's more vital than ever that you MUST use a unique, random Initialization Vector. Otherwise, it's trivial for someone to mount a variety of attacks against the encrypted data.

有一点我可以肯定地说:对于短文本字符串,必须使用独特的随机初始化向量比以往任何时候都重要。否则,某人对加密数据进行各种攻击是微不足道的。

3  

Does it matter if anybody can decrypt it? If you're just trying to obfuscate it a little, use ROT13. It's old school.

是否有人可以解密它是否重要?如果您只是想稍微混淆它,请使用ROT13。这是老学校。

2  

If you want to encrypt and decrypt data within an application, you most likely want to use a symmetric key cipher. AES, which is the symmetric block encryption algorithm certified by the NSA for securing top secret data, is your best choice. There is a pure-PHP implementation available at www.phpaes.com

如果要在应用程序中加密和解密数据,则很可能希望使用对称密钥密码。 AES是NSA认证的对称块加密算法,用于保护绝密数据,是您的最佳选择。 www.phpaes.com上提供了一个纯PHP实现

For your use it sounds like AES128 is sufficient. You will want to use CBC mode with a random initialization vector, or else the same data will always produce the same ciphertext.

对于您的使用,听起来像AES128就足够了。您将希望将CBC模式与随机初始化向量一起使用,否则相同的数据将始终生成相同的密文。

Choosing the right encryption algorithm is a good first step, but there are many factors to a secure system which are hard to get right, such as key management. There are good resources out there, such as Applied Cryptography by Bruce Schneier, and Security Engineering by Ross Anderson (available for free online).

选择正确的加密算法是一个很好的第一步,但安全系统有很多因素很难做到,例如密钥管理。有很好的资源,例如Br​​uce Schneier的Applied Cryptography和Ross Anderson的安全工程(可在线免费获得)。

1  

I agree with Chris Kite - just use AES 128, this is far sufficient.

我同意Chris Kite - 只需使用AES 128,这就足够了。

I don't know exactly your environment, but I guess you're transmitting the data somehow through the internet.

我不确切知道你的环境,但我猜你是通过互联网以某种方式传输数据。

Don't use ECB, this will always produce the same result for the same plain text.

不要使用ECB,这将始终为相同的纯文本生成相同的结果。

CBC mode is the way to go and don't forget a random initialization vector. This vector has to be communicated with the cipher text and can be sent in the clear.

CBC模式是要走的路,不要忘记随机初始化向量。该向量必须与密文进行通信,并且可以以明文形式发送。

Regarding your data, since AES is a block cipher, the outcome is always a multiple of the block size. If you don't want to let the observer know if your data is short or long, add some padding to extend it up to the maximum expected size.

关于您的数据,由于AES是块密码,因此结果始终是块大小的倍数。如果您不想让观察者知道您的数据是短还是长,请添加一些填充以将其扩展到最大预期大小。

0  

Any one-way encryption algorithm such as Blowfish will do, I guess. Blowfish is fast and open. You can use Blowfish through the crypt() function. AFAIK there are no encryption algorithm that work especially well on small strings. One thing to be aware of though is that brute-forcing such small strings will be very easy. Maybe you should encrypt the string along with a 'secret' salt value for additional security.

我想,像Blowfish这样的任何单向加密算法都可以。河豚快速而开放。您可以通过crypt()函数使用Blowfish。 AFAIK没有加密算法在小字符串上工作得特别好。但有一点需要注意的是,强行使用如此小的字符串非常容易。也许您应该加密字符串以及“秘密”盐值以获得额外的安全性。

0  

You can use the general programming ideas without relying in built in encryption/decription functions Example create a function call it

您可以使用一般编程思想而不依赖于内置的加密/解密函数示例创建函数调用它

function encryptstring($string) {

$string_length=strlen($string);
$encrychars=""; 
/**
*For each character of the given string generate the code
*/
for ($position = 0;$position<$string_length;$position++){        
    $key = (($string_length+$position)+1);
    $key = (255+$key) % 255;
    $get_char_to_be_encrypted = SUBSTR($string, $position, 1);
    $ascii_char = ORD($get_char_to_be_encrypted);
    $xored_char = $ascii_char ^ $key;  //xor operation
    $encrypted_char = CHR($xored_char);
    $encrychars .= $encrypted_char;
} 
/**
*Return the encrypted/decrypted string
*/
return $encrychars;
}

On the page with link to include the id's required to be encrypted

在包含要包含要加密的ID的链接的页面上

   /**
    *While passing the unique value to a link
    *Do the following steps
    */

    $id=57;//or if you are fetching it automatically just pass it here
     /**
     *For more security multiply some value
     *You can set the multiplication value in config file
     */
     $passstring=$id*346244;
     $encrypted_string=encryptstring($passstring);
     $param=urlencode($encrypted_string);
     /**
     *Derive the url for the link
     */
     echo '<a href="target_file.php?aZ98#9A_KL='.$param.'">something</a>' ;

On the target file that get opened after the link is clicked

在单击链接后打开的目标文件上

     /**
      *Retriving the value in the target file
      *Do the following steps
      */
      $fetchid=$_GET['aZ98#9A_KL'];
      $passstring=urldecode(stripslashes($fetchid));
      $decrypted_string= encryptstring($passstring);
      /**
       *Divide the decrypted value with the same value we used for the multiplication
       */
      $actual_id= $decrypted_string/346244;