Is there a secure PHP encryption on which NSA hasn't put or isn't able to put in future of 20 years it's hands on?

Recommended Answers

All 12 Replies

Who knows :)

But I would hazard by saying no. Let's say new technologies could speed up the decryption, or they could find a flaw in the algorithm, or they could add an hidden backdoor into the new chips: once you change one of the components in your server, or in one of the other boxes in the same network, the entire system would be compromised and they could access the decryption key. As example.

Look, I am not native English speaker. But I understand quite many words. But I don't get what have you just said. I am talking about PHP encryption and you talk about network, boxes, computer parts, chips and backdoors...

Member Avatar for diafol

AFAIK, the enrypted data requires a key to decrypt it. So for most of us, encryption is only as secure as the location of the key. Please correct me if I'm wrong.

Sorry, check these links:

And let say you're using this script:

<?php

$key = "this is a secret key";
$input = "Let us meet at 9 o'clock at the secret place.";

$td = mcrypt_module_open('tripledes', '', 'ecb', '');
$iv = mcrypt_create_iv(mcrypt_enc_get_iv_size($td), MCRYPT_RAND);
mcrypt_generic_init($td, $key, $iv);
$encrypted_data = mcrypt_generic($td, $input);
mcrypt_generic_deinit($td);
mcrypt_module_close($td);

echo $encrypted_data;
echo "<br />";
echo mcrypt_decrypt('tripledes', $key, $encrypted_data, 'ecb', $iv);

If I'm able to access your system and steal the $key, then I can decrypt everything, no matter how strong is the encryption. This is why I'm talking about other factors. You cannot consider something secure if you do not consider also the environment in which this modus operandi will be used.

Hope is more clear now, my English is not good, since this is not my native language.

Yes, but last time NSA has apparentely found ways to easily BruteForce and recall originate data without touching password file.

@cereal Yes I know. But I search for encryption that cannot be predicted. Lets say key is unreachable for Chuck Norris. I am looking for PHP encryption method that will be most safe.

NSA is everywhere, if they want to steal they will, they are the government afterall. You are thinking about encryption!
Lol they even steal from gmail's high secure encrypted data.

Well you might consider rewriting the INTERNET, thats sound a lot of work. Gd luck.

But I search for encryption that cannot be predicted

Use a method where they key size equals the data size.

NSA is everywhere, if they want to steal they will, they are the government afterall. You are thinking about encryption!
Lol they even steal from gmail's high secure encrypted data.

They don't steal it, they buy it from Google. Heard of PRISM?

Use a method where they key size equals the data size.

Are you kidding me? You mean, I need to create key of length of data, when it's like 5000 characters?

Are you kidding me? You mean, I need to create key of length of data, when it's like 5000 characters?

Correct. That's the only way to ensure that a brute force attack will be slowed to a halt, since there's no longer a pattern to be recognized.

Uhm, I could just use any encryption method and put the password that is same length as encrypted data.

But that's the question, what is "best" encryption method?

"best" - "securest" (I know it's incorrect but it's going about meaning)

Perhaps this helps to determine what you need.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.