with my module you can use any crypt method you want, just need to make a shared library with the name libmycrypt.so (in linux, didnīt make the windows port yet)
with the functions (char *)crypt(char *) and (char *) decrypt(char *) so it can be customized with some limitations Keyser Soze ----- Original Message ----- From: "J Smith" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Tuesday, March 05, 2002 2:15 PM Subject: Re: [PHP-DEV] New Module > > I hesitate to mention this because I don't want to get stuck in a corner > here, but I've been working on and off on a PHP encryption extension for > precisely the reasons you mention. I'm using Crypto++, a public domain > crypto library written in C++. > > A few months back, I was faced with a somewhat similar situation as yours. > Basically, I working on getting PHP to produce ciphertext that was > compatible with Microsoft's Crypto API for Windows. Unfortunately, the API > uses a bunch of non-standard ASNs and such (naturally) so incompatibility > forced me to look into other crypto libraries. Basically, I was trying to > secure Windows Media Services without having to shell out for full-on DRM > by passing encrypted timestamps embedded in URLs from PHP to WMS. The goal > was to prevent users from posting links and such to the video server, as > they wouldn't get anywhere because the URLs would only work within a > certain timeframe, hence the encrypted timestamps. > > Naturally, mcrypt couldn't produce anything remotely compatible with the > non-standard MS crypto API. So I was off to find something I could wrap in > a PHP extension and use in a WMS plugin. Crypto++ seemed like a good > choice, as it compiles fine on UNIX-y systems as well as win32. (And > without the need for cygwin, which was a key factor.) > > Right now, that project is kind of on the backburner, but I have a bit of a > framework going now, so it's coming along. All I've done so far is wrap a > couple of extra C++ classes around Crypto++ to make it a bit easier to use, > which will then have interfaces to the C code in the PHP engine. I have a > number of cipher algorithms working so far, such as Rijndael, blowfish and > three way, and have a number of cipher modes working. (ECB, padded CBC, > etc.) > > I have no idea of how much longer I'll be working on the extension as I > have a ton of other stuff to do, but I'll keep plugging away at it. No idea > what kind of timeframe I'm looking at, or even if I'll finish it, just > thought I'd mention that there is a bit of work being done on a > cross-platform crypto extension for PHP. > > J > > > > > Brent R. Matzelle wrote: > > > --- [EMAIL PROTECTED] wrote: > >> Hey, > >> > >> why not simply use the mcrypt functions available in PHP? > > > > I will tell you why. Mcrypt is nearly useless for developers like > > myself who develop PHP applications for both *NIX and win32 > > platforms. The mcrypt libraries are not distributed with the Windows > > binaries package and I have tried to build them myself only to find > > that you need Cygwin, which is an unacceptable dependency. > > > > I have been looking for months for a standard method to perform > > encryption with PHP and have only found php_blowfish > > (http://www.brisse.dk/linux/phpext/blowfish.htm) as a reasonable > > alternative that runs on both *NIX and win32 without many problems. > > Unfortunately this module is not distributed with PHP so I am nervous > > basing my software on it. > > > > I require two way encryption so that I can store passwords in a > > database to prevent unscrupulous database administrators from > > stealing them so it is extremely important to my business. > > > > If anyone has any input on this issue I would be delighted to hear > > it. > > > > Warm regards, > > > > Brent > > > > > -- > PHP Development Mailing List <http://www.php.net/> > To unsubscribe, visit: http://www.php.net/unsub.php > -- PHP Development Mailing List <http://www.php.net/> To unsubscribe, visit: http://www.php.net/unsub.php
