Shulou(Shulou.com)06/03 Report--

PHP+MySQL applications how to use XOR encryption algorithm, many novices are not very clear about this, in order to help you solve this problem, the following editor will explain in detail for you, people with this need can come to learn, I hope you can gain something.

Principle of XOR algorithm

From the point of view of the main methods of encryption, the transposition method is too simple, especially for the case of small amount of data, it is easy to guess the plaintext from the ciphertext, and the substitution method is an effective and simple algorithm.

From the characteristics of various substitution operations, XOR operation is the most suitable for simple encryption and decryption operations. the principle of this method is that when one number An and another number B perform XOR operation, another number C will be generated. If C and B are XOR, C will be restored to A.

Compared with other simple encryption algorithms, the advantages of XOR algorithm are as follows.

The main results are as follows: (1) the algorithm is simple and can be easily implemented for high-level languages.

(2) it is fast and can be used at any time and anywhere.

(3) it is valid for any character, unlike some simple encryption algorithms, which are only valid for western characters, and can not be restored to the original characters after Chinese encryption.

Implementation of XOR algorithm

The previous section described how to use the XOR operation for encryption / decryption, which is used in this section to encrypt the user's login information. According to the principle of the XOR encryption algorithm introduced in the previous section, it is not difficult to write the following encryption and decryption functions. First list the encryption algorithms.

Line 4 defines the encryption function myEncrypt (). The input parameter $string is plaintext and $key is the key; the output is the ciphertext generated using $key as the key and using the XOR encryption algorithm.

The outer for loop on lines 6-12 loops each character of the plaintext string, while the inner for loop (lines 8-11) does an exclusive or operation on each character loop of the plaintext and every bit of the key. Its principle has been introduced in the previous section and will not be repeated.

Similarly, similar to the encryption function, you can write the following decryption function.

/ / decryption function functionmyDecrypt ($string,$key) {for ($iposit / I < STRLEN ($STRING); / / for ($string [$I] = $key [$j] ^ $string [$I];}} return$string;}? >

Line 4 defines the decryption function myDecrypt (), with the input parameter $string as ciphertext and $key as key; the output is plaintext generated using $key as the key and using the XOR decryption algorithm.

Next, an application example is given to further illustrate the function of the encryption function.

/ / example $my_password= "chair"; echo "my_password=$my_password"; $my_key= "1234567890"; $my_password_en=myEncrypt ($my_password,$my_key); echo "my_password_en=$my_password_en"; $my_password_de=myDecrypt ($my_password_en,$my_key); echo "my_password_de=$my_password_de"

Line 3 first defines a plaintext $my_password, followed by the key $my_key on line 4.

Lines 5 and 6 respectively call the encryption function to generate and output the ciphertext; in turn, the ciphertext is decrypted on lines 7 and 8.

The running result of the above example is as follows.

My_password=chair

My_password_en=RYPXC

My_password_de=chair

Using XOR algorithm to realize identity Verification

The first two parts introduce the principle and implementation of information encryption / decryption using XOR operation respectively. Next, we will use this method to encrypt the user's login password. In this example, in order to protect the user's password, the system wants to achieve the following goals.

When the user registers, the user needs to write the user password form.

No one but the user has access to their password information, including system designers and database administrators.

The system can verify the validity of the user according to the password entered by the user.

In order to achieve the above purpose, when using the XOR algorithm, you can select the user name as the plaintext, and the key is the user-defined password, and then store the encrypted user name in the database.

In addition, when a user logs in, there are two ways to authenticate a legitimate user.

(1) re-encrypt according to the user name (plaintext) and password (key) information submitted, and compare the encrypted information with the password information stored in the database. If equal, the user is legal, otherwise, it is an illegal user.

(2) decrypt the password information stored in the database (plaintext) and the password (key) information entered by the user, and compare the encrypted information with the user name submitted by the user. If equal, the user is legal, otherwise, is an illegal user.

The third goal can be achieved in both ways, and the second approach will be used in this example. The implementation code of this example can be implemented on the basis of the implementation of 18.4.1 "user login" and 18.4.2 "check user", in which the "user login" page does not need to be changed, and the implementation reference of "check user" is as follows.

Line 7 introduces the encryption function file encrypy_xor.php, including the two functions described in the previous section.

In line 19, the encrypted password value is obtained using the user name and password submitted by the user, and for new users, the encrypted value is stored in the database on line 44.

In addition, for regular users, the user name and encrypted password information in the database are obtained at 24, and decrypted using these two values on line 25, and then the validity of the user is checked by comparing the decrypted value with the user name information submitted by the user on line 28.

Automatically generate key

The last part describes how to use the XOR encryption algorithm to encrypt user information, in which the password information entered by the user actually becomes the key in the encryption algorithm, and the user name is used as plaintext, although this can complete the function well, but logically, this method seems unreasonable.

This article will introduce a technique of automatically generating keys, which can be used to encrypt the plaintext of passwords submitted by users to make the logic more reasonable.

In this example, it is assumed that the generated key is 512 bits. The code is as follows.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.