| 1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192 |
- <?php
- /////////
- //
- // Stone PHP SafeCrypt Block Scrambler
- // -----------------------------------
- //
- // Block scramble and block descramble are utility functions for Pack crypt and Pack decrypt.
- // These are usable as lightweight encryption, and are very fast, but are also very weak and
- // should not be used independantly. These are only used because of the specific, well-known
- // characteristics of the IV stream as used by Pack crypt, where the OTP nature of the IV
- // leader makes these scrambles sufficient to prevent CBC MITM leading-block attacks.
- function BlockScramble(&$data, &$weakkey) {
- // Performs a simple modulo arithmetic cipher on the IV and datastream. The PHP manual
- // incorrectly states that the initialization vector may safely be transmitted plaintext;
- // in http://www.ciphersbyritter.com/GLOSSARY.HTM#IV it's made clear that in CBC mode, a
- // man in the middle attack is possible on the very first block returned by manipulating
- // the IV. However, since the IV is just a randomness salt, it carries all of the
- // important characteristics of a truncated one time pad; therefore, rotated with the MD5
- // hash of the key, which is well-distributed, we have a non-attackable binary result.
- // This protects CBC mode encryptions from a MITM leading block attack; also, it's nice
- // to have an extra source of white noise in the signal to slow down identifications.
- $strongkey = md5($weakkey);
- $keysize = strlen($strongkey); // because calling sizeof() every ten cycles is retarded
- $datasize = strlen($data); // and again
- $output = str_repeat(' ', $datasize); // pre-allocate output buffer to prevent reallocation thrash
- $di = 0; // data index cursor
- $bi = 0; // block index cursor
- // net2ftp - added the next line to avoid a PHP Notice about an "undefined variable"
- $ki = 0;
- for (; $di < $datasize; ++$di, ++$ki) {
- if ($ki >= $keysize) { $ki = 0; } // key's usually smaller than data, so bound it
- $output[$di] = chr((ord($data[$di]) + ord($strongkey[$ki])) % 256); // and record the scrambled byte
- }
- return $output;
- }
- function BlockDescramble(&$data, &$weakkey) {
- // Performs a simple modulo arithmetic cipher on the IV and datastream. The PHP manual
- // incorrectly states that the initialization vector may safely be transmitted plaintext;
- // in http://www.ciphersbyritter.com/GLOSSARY.HTM#IV it's made clear that in CBC mode, a
- // man in the middle attack is possible on the very first block returned by manipulating
- // the IV. However, since the IV is just a randomness salt, it carries all of the
- // important characteristics of a truncated one time pad; therefore, rotated with the MD5
- // hash of the key, which is well-distributed, we have a non-attackable binary result.
- // This protects CBC mode encryptions from a MITM leading block attack.
- $strongkey = md5($weakkey);
- $output = str_repeat(' ', strlen($data)); // pre-allocate output buffer to prevent reallocation thrash
- $keysize = strlen($strongkey); // because calling sizeof() every ten cycles is retarded
- $datasize = strlen($data); // and again
- $di = 0; // data index cursor
- $bi = 0; // block index cursor
- // net2ftp - added the next line to avoid a PHP Notice about an "undefined variable"
- $ki = 0;
- for (; $di < $datasize; ++$di, ++$ki) {
- if ($ki >= $keysize) { $ki = 0; } // key's usually smaller than data, so bound it
- $work = (ord($data[$di]) - ord($strongkey[$ki])); // descramble the scrambled byte
- if ($work < 0) { $work += 256; } // reorigin low-range bytes
- $output[$di] = chr($work); // record the origin-normalized byte
- }
- return $output;
- }
- ?>
|
