PHP中的简单加密 [英] Simple encryption in PHP
问题描述
我正在构建一个源代码系统,我将在网上发布提供可接受的虚拟宠物的网络。该系统将主要由孩子们所有。由于我希望它可以用于绝对的初学者程序员,我的系统有几个复杂性限制:它不能使用不常用于PHP的库,它不能触及数据库或写入其他永久存储
I'm building a with-source system which I am giving out on the 'net for providing adoptable virtual pets. The system will be owned mainly by kids. Since I want it to be usable for absolute beginner programmers, there are several complexity constraints on my system: It can't use libraries that don't commonly ship with PHP, and it can't touch a database or write to other permanent storage.
当每只宠物被采用时,访问者将随机获得该宠物的一系列稍微不同的变体之一。变化最初看起来是一样的,但随着时间的推移成长为不同的宠物。访问者将获得一个HTML代码,链接到他们宠物的形象。由于没有永久存储可用的服务器端,用户的映像链接必须包含所有信息,以确定他们最终获得的宠物变化。
When each pet is adopted, the visitor will randomly get given one of a series of slightly different variations of that pet. The variations initially look the same, but grow up over time to become different pets. The visitor will be given a short code in HTML which links to the image of their pet. Since there is no permanent storage available server-side, the user's image link must contain all of the information to determine which pet variation they ended up getting.
目前,该URL只包含宠物的ID和用户获得的变体的ID。这样做的问题是,通过将代码相互比较,用户可以弄清楚他们之间是否有相同的变化。由于某些变体比其他变体稀少,用户可以在差异甚至在视觉上显而易见的情况下轻松找到罕见的变体。
At the moment, the URL just contains the ID of the pet and the ID of the variation that the user got. The problem with this is that, by comparing codes with each other, the users can figure out who amongst them ended up with the same variation. Since some variations are rarer than others, users can spot the rare variations easily before the difference is even visually apparent.
我想要的是加密系统的详细信息网址。某些东西会遮蔽变体ID,以便每个用户以很高的可能性获得不同的URL。我想到使用变化ID(3或4位)作为大随机数的低位或高位,但用户将在此显示模式。理想情况下,加密系统将被参数化,以便我的系统的每次安装都使用稍微不同的加密。
What I would like is an encryption system for the details in the URL. Something that obscures the variation ID so that each user gets a different URL with high probability. I thought of using the variation ID (3 or 4 bits) as the low bits or high bits of a large random number, but the users will spot the pattern in this. Ideally the encryption system would be parametrized so that each installation of my system would use a slightly different encryption.
PHP的mcrypt库可能会有一些有用的东西,但它没有在主持人之间似乎很常见。
PHP's mcrypt library would probably have something useful in it, but it doesn't seem to be very common amongst hosters.
我可以在这里使用一个简单的参数化,混淆/加密吗?
Is there a simple, parametrized, obfuscation/encryption I can use here?
推荐答案
如果您期待相对较低的复杂程度,那么您可以做一个非常简单的xor加密,并将该键存储作为URL的一部分。那么你可以使用php的rand()或/ dev / random或其他任何东西生成密钥。
If you are expecting a relatively low sophistication level, then you can do a very simple "xor" encryption and "store" the key as part of the URL. Then you can just use php's rand() or /dev/random or whatever to generate keys.
低成本的用户不会很明白,他们需要做是他们的宠物ID的下半部分与上半部分获得可以与他们的朋友比较的值。我猜想大多数能够认识到发生这种情况的人不会花时间去弄清楚,而且这些人不在目标受众之外。
Low-sophistication users won't readily figure out that all they need to do is xor the lower half of their pet ID with the upper half to get a value which can be compared to their friends. I would guess most people who would be able to recognize that was what was going on wouldn't take the time to figure it out, and those people are outside of your target audience anyways.
编辑:如果不明显,我说你给每个宠物一个不同的钥匙(因为给同一个人不会解决你的问题)。因此,如果宠物变化(petvar)是16位数,则生成一个16位随机数(rnd),然后执行此操作: petvar =(petvar ^ rnd)< 16 | rnd; 然后你可以反转该操作来提取rnd然后petvar ^ rnd,然后再重新获取原始的petvar。
If it wasn't obvious, I'm saying you give a different key to every pet (since giving the same one would not solve your problem). So if the pet variation (petvar) is a 16 bit number, you generate a 16-bit random number (rnd), then you do this: petvar = (petvar^rnd)<<16 | rnd; and then you can reverse that operation to extract the rnd and then petvar^rnd, and then just xor it again to get the original petvar.
这篇关于PHP中的简单加密的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
