Analysis of PHP encryption function principle of discuz x1.5 discuz program

The principle is as follows, if:
Encryption
Plain text: 1010 1001
Key: 1110 0011 Cipher text: 0100 1010
The cipher text is 0100 1010. The decryption need is XORed with the key
Decryption cipher text: 0100 1010
　Key: 1110 0011
　Clear text: 1010 1001
　There is no sophisticated algorithm. The key is very important, so the key lies in how to generate the key.
　 Let’s take a look at how Kangsheng’s authcode is done

Copy the code The code is as follows:

// Parameter explanation

// $string: plain text or cipher text
// $operation: DECODE means Decryption, others represent encryption
// $key: secret key
// $expiry: ciphertext validity period
function authcode($string, $operation = 'DECODE', $key = '', $expiry = 0) {
/ / Dynamic key length, the same plaintext will generate different ciphertext, relying on the dynamic key
$ckey_length = 4;
// Key
$key = md5($key ? $key : $GLOBALS['discuz_auth_key']) ;
// Key a will participate in encryption and decryption
$keya = md5(substr($key, 0, 16));
// Key b will be used for data integrity verification
$keyb = md5(substr( $key, 16, 16));
// Key c is used to change the generated ciphertext
$keyc = $ckey_length ? ($operation == 'DECODE' ? substr($string, 0, $ckey_length):
substr(md5(microtime()), -$ckey_length)) : '';
//Key involved in the operation
$cryptkey = $keya.md5($keya.$keyc);
$key_length = strlen($cryptkey ; // If decoding, it will start from the $ckey_length bit, because the dynamic key is stored in the $ckey_length bit before the ciphertext to ensure correct decryption
$string = $operation == 'DECODE' ? base64_decode(substr($string, $ckey_length)) :
　sprintf('%010d', $expiry ? $expiry + time() : 0).substr(md5($string.$keyb), 0, 16).$string;
$string_length = strlen ($string);
$result = '';
$box = range(0, 255);
$rndkey = array();
// Generate key book
for($i = 0; $i < = 255; $i++) {
$rndkey[$i] = ord($cryptkey[$i % $key_length]);
}
// Use a fixed algorithm to scramble the key book and increase randomness. It seems very Complex, in fact the pair does not increase the strength of the ciphertext
for($j = $i = 0; $i < 256; $i++) {
$j = ($j + $box[$i] + $ rndkey[$i]) % 256;
$tmp = $box[$i];
$box[$i] = $box[$j];
$box[$j] = $tmp;
}
/ / Core encryption and decryption part
for($a = $j = $i = 0; $i < $string_length; $i++) {
$a = ($a + 1) % 256;
$j = ($j + $box[$a]) % 256;
$tmp = $box[$a];
$box[$a] = $box[$j];
$box[$j] = $tmp;
/ / Get the key from the key book, perform XOR, and then convert it into characters
$result .= chr(ord($string[$i]) ^ ($box[($box[$a] + $box[$ j]) % 256]));
}
if($operation == 'DECODE') {
// substr($result, 0, 10) == 0 Verify data validity
// substr($result, 0, 10) - time() > 0 Verify data validity
// substr($result, 10, 16) == substr(md5(substr($result, 26).$keyb), 0, 16) Verify Data integrity
// Verify data validity, please see the format of unencrypted plaintext
if((substr($result, 0, 10) == 0 || substr($result, 0, 10) - time() > ; 0) &&
　substr($result, 10, 16) == substr(md5(substr($result, 26).$keyb), 0, 16)) {
return substr($result, 26);
} else {
return '';
}
} else {
// Save the dynamic key in the ciphertext, which is why the same plaintext can be decrypted after producing different ciphertexts
// Because the encrypted password The text may contain some special characters and may be lost during the copying process, so use base64 encoding
return $keyc.str_replace('=', '', base64_encode($result));
}
}


But it’s a bit regretful, this The function ownership belongs to Kangsheng Chuangxiang and cannot be used freely.
The above introduces the analysis of the PHP encryption function principle of the discuz x1.5 discuz program, including the content of discuz x1.5. I hope it will be helpful to friends who are interested in PHP tutorials.