I havent used it but I have a feeling the mcrypt module might do what you after.

This is what i could find for you:

function keyED($txt,$encrypt_key)
{
$ctr=0;
$tmp = "";
$txt_len=strlen($txt);
for ($i=0;$i<$txt_len;$i++)
{
if ($ctr==strlen($encrypt_key)) $ctr=0;
$tmp.= substr($txt,$i,1) ^ substr($encrypt_key,$ctr,1);
$ctr++;
}
return $tmp;
}

function encrypt($txt,$key)
{
srand((double)microtime()*1000000);
$encrypt_key = md5(rand(0,32000));
$ctr = 0;
$tmp = "";
$txt_len = strlen($txt);
for ($i=0;$i < $txt_len;$i++)
{
if ($ctr==strlen($encrypt_key)) $ctr=0;
$tmp.= substr($encrypt_key,$ctr,1) . (substr($txt,$i,1) ^ substr($encrypt_key,$ctr,1));
$ctr++;
}
return keyED($tmp,$key);
}

function decrypt($txt,$key)
{
$txt = keyED($txt,$key);
$tmp = "";
$txt_len=strlen($txt);
for ($i=0;$i<$txt_len;$i++)
{
$md5 = substr($txt,$i,1);
$i++;
$tmp.= (substr($txt,$i,1) ^ $md5);
}
return $tmp;
}

$coded=encrypt("hello this is a test","mykey");
echo $coded."<br>";
$decoded=decrypt($coded,"mykey");
echo $decoded."<br>";

I´s recommend using the Mcrypt module as well. Unless you really know what you are doing developing your own encryption routine is not very secure. Even implementing an already existing algorithm needs extensive testing and might still prove to be error prone.

If there is one area where reinventing the wheel is really bad it is encryption unless your math and cs skills are excellent.

When developing for a client not using a well known cryptographic library is bad practice as well. Think of the legal implications.

Andreas

I would not trust the implementation above as far as i can throw it. It is just a variation of the Vigenere cipher ([trincoll.edu ]) with some extra muddling that, is my impression, serves little purpose.

Please note that this cryptosystem fell 150 years ago, and is extremely vulnerable (as in, you only need one pair) to known-plaintext attacks.

Hello Ranieri, Welcome to WebmasterWorld.

So what would you use instead?