ioleo / cryptomute Goto Github PK
View Code? Open in Web Editor NEWEncrypt numeric data (binary, decimal, hex) preserving it's format (eg. 16-digits card number to 16-digits encrypted number).
License: MIT License
Encrypt numeric data (binary, decimal, hex) preserving it's format (eg. 16-digits card number to 16-digits encrypted number).
License: MIT License
Where do I set the Length of Encrypted output? I cannot see it in the docs
The composer.json states that this nice library is compatible with PHP 5.4, however gmp_import and gmp_export functions are PHP 5 >= 5.6.1
The code below will fix this:
if (!function_exists('gmp_import')) {
function gmp_import($data)
{
return gmp_init(bin2hex($data), 16);
}
}
if (!function_exists('gmp_export')) {
function gmp_export($gmpnumber)
{
return hex2bin(gmp_strval($gmpnumber, 16));
}
}
I found probably an unusual, but beautiful use case for cryptomute - generating obfuscated same length public ids from a serial integer.
However, it's not written anywhere so I wanted to ask if there is a uniqueness guarantee given that max range value is big enough?
(I'm not concerned with the security of encrypted values, just its uniqueness for a unique set of numbers)
I'm trying to encrypt ids that are in the hundreds of millions (9 digits) into an 8 digit integer. The encrypt function works fine. The decrypt function does not decrypt to the correct input. If I increase the ValueRange from 8 to 9 digits decrypt works.
I'm not well versed in the algorithm used so it could be that this just an inherent limitation that I'm not aware of.
Example of the issue:
$cryptomute = new Cryptomute(
'aes-128-cbc', // cipher
'0123456789zxcvbn', // base key
7 // number of rounds
);
// doesn't work
$cryptomute->setValueRange(0, 99999999);
// does work
//$cryptomute->setValueRange(0, 999999999);
$password = '0123456789qwerty';
$iv = '0123456789abcdef';
for ($i = 100000000; $i <= 100000010; $i++) {
$encoded = $cryptomute->encrypt($i, 10, true, $password, $iv);
$decoded = $cryptomute->decrypt($encoded, 10, true, $password, $iv);
echo "ID: ".$i." DECODED: ".$decoded." ENCODED: ".$encoded."<br>";
}
We need to add a cipher method that does not require IV and test if current code base supports it.
GMP is sort of non-standard; even Google Cloud Platform's PHP runtime doesn't support it. Are there any plans to convert this to fallback to BCMath if GMP isn't available?
Currently the cipher operates on 2n
powers of 2, becouse to produce a balanced feistel cipher an even number of bits (divisible into 2) is required. However this costs performance, becouse to make sure the output is smaller than maxValue
we have to repeat encryption/decryption until the result fits.
The larger the gap between 0
and minValue
and maxValue
and 2n
- the more iterations on average it will take.
Luby and Rackoff have proved that if we use the next power of 2 greater or equal to maxValue
the number of operations (on average) required to produce the result will be 2.
Current implementation uses the "closest EVEN" power of 2.
This is probably not a big issue, as this library is blazingly fast anyways, but should be investigated.
Firstly, thanks for a great package, I came across this from another package (I don't remember which) that was itself linked to from Hashids, so I'm hoping this turns out to be faster than both of them.
I know in another post you said something along the lines of "there are no collision rates", and I wanted to confirm whether that was limited to the context of that thread or whether it generally applies to Cryptomute hashes. Is the output guaranteed to always be free of collisions no matter what?
I'm looking to generate unique user-facing IDs using primary keys in a database as input, limited to 8 digits. I selected the aes-192-ecb
cipher which doesn't have an IV, and set a range of 0, 99999999
for the length, plus padding. Can I expect this function to return none or low collisions, and would using a short password affect this? For that matter, is it a good idea to use another dynamic value in the database (such as email?) as a dynamic password, or does the password need to remain static?
Current tests could probably be improved to cover wider range of possible input data.
Exceptions thrown on invalid input should be tested.
An idea for a better API is to add $key
and $password
parameters to encrypt
and decrypt
methods as optional arguments and remove them from constructor.
the line
if (gmp_cmp($maxValue, $minValue) !== 1) {
throw new InvalidArgumentException('Max value must be greater than min value.');
}
keep called in my case making it hard for me to use it. The result of comparison in my case is 2 which is valid. The manual says of gmp_cmp
Returns a positive value if a > b, zero if a = b and a negative value if a < b.
So 2 is valid but you are checking for 1 only instead of positive numbers. Commenting out that one everything works great
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.