have u considered some of these?
[php.net...]
and what about md5, sha1?
or are pre-defined functions out of your way..

Thanks for your idea, I had initially though of that since they make nice unique numbers (even a simple crc32 would be almost the same) but the idea is that the average link stealer/harvester will be able to spot md5 and just run it though their own php/javascript decoder too.

I'm not asking for some killer algorithm that is on the level of SSL or PGP, I just need something that is reasonably simple code and key based so they give up rather than waste the cpu time to crack.

Maybe I am not looking at the right application for attempts at this, maybe there is some PHP/javascript code I can mimic for password passing to a server.

PHP has base64_decode and base64_encode which if I could first scramble the url based on a key (password) would be very useful. I just don't know how to do that scrambling.

In your case you should be looking for something secure and simple unless you are willing to sacrifice some resources for every click.

look at this, [phpfreaks.com...]
it's a combination of md5 and sha1. It doesn't take much time to create your own mod. It'll atleast take an hour or so for the sneakers to crack ;)

oh. btw if you can spare some time, try checking [hotwired.lycos.com...]

Hashing is a one way system, good for password matching but not two way encrypt/decrypt (hence md5 by itself will not work).

Just found another thread here on WW [webmasterworld.com] in the perl section with similar thoughts but unfortunately never solved.

However I am learning more and more, though wasting a huge amount of time on this.
What I have determined is I need to do a simple XOR on the URL with a password to scramble it and then base64 it so its webpage safe. I'll experiment to try to get this working.

I just realized that XOR is not going to be good enough. Because since any person can see the scrambled URL vs the unscrambled URL, you can easily get the password that was used to scramble it and then undo all the others.

It's a shame Blowfish is not installed with PHP generally (mcrypt) because the server I am using has blowfish extension for Perl. That would have been perfect.

you could do something like use base64_encode [ca3.php.net] for the final product.

what you combine with the link before you encode will help protect it. You can make it as complex as you like.

Ah but base64_encode is just transformation. Adding something to the string before base64_encode is not going to prevent anyone from decoding with base64_decode looking at the string and stripping away the bogus string.

Remember they can examine whatever algorithm is in place by comparing the encoded url to the resulting url when they click.

From everything I have read up to this point, the problem is all my simple approaches are using symmetric encryption [en.wikipedia.org] when I really need an Asymmetric [en.wikipedia.org] system.

The learning part of this is fun, the fustration is not so much.
It is such a shame that perl has Blowfish [en.wikipedia.org] while php does not on my host!

well you can do a bunch of things. These are where you need to mess around
[ca2.php.net...]

then do a little of your own math to build something. Some of the encoding functions are a help as well.

You're right if there is a direct connection between the src data and the target data it will be figured out easily. I am not suggesting using a single function for anything, a combination of different mathematical processes and then a quick encode could work.

Nothing is uncrackable, you need to take reasonable precautions so that the time involved out weighs the gain.

I have a few encoding functions and this is roughly their outline but I won't post code for them, that would kind of defeat the purpose. ;)