I have always been interested in codes and secret methods of communication. Modern day encryption is quite fascinating to me and has led me to develop my own basic encryption using PHP scripts. Two versions of my scripts exists, one is for sending e-mail or other type of message to a person while protecting their privacy. The other is more of an anonymous message dead drop where a message can be uploaded and then only retrieved once.
Try it out Here
The basic idea behind modern encryption is that a message can be reduced from plain text into its’ equivalent computer code of 1’s and 0’s each one or zero is know as a bit. Computers use ASCII code in which each letter is represented by a set of 8 bits. If we convert our plain text message to bits it will allow us to easily perform math equations on them to encrypt or scramble the text. Likewise we can reverse the process to convert back into plain text.
My encryption uses an XOR function to scramble to bits. The XOR function takes two bits and applies the following rules. (a XOR b = c) If a and b are the same then c = 0, if a = 1 and b = 0, or if a = 0 and b = 1, c = 1. Basically, if one of the bits is a 1 and the other is a zero the result is a 1, otherwise the result is a 0. First I generate a random “Key” that is 64 bits long. I use this key to XOR the message. I take the first bit of the key and the first bit of the message and XOR them. The encryption strength behind using XOR in this manor is simple. A + B = C if I told you C = 1 and then asked you to give me A and B you couldn’t do it, A could = 1 and B could = 0 or just the opposite. You wouldn’t know which is the key and which is the message. As long as the key is random the message will be encrypted randomly as well. Each bit in the message will either stay the same or be flipped to its opposite. The real beauty of using XOR is that you can take the encrypted message, put it through the same XOR function again and get back the original message. It flips back all the bits to their starting values.
My first idea was to have a form where users could enter in a message and click submit. The result would be an encrypted message and a key to decrypt it. The message could be sent via text message while the encrypted text could be sent via e-mail. The recipient could then enter both items into the form and decrypt the message. While this is secure, if the key and message were found by someone else the message could still be decrypted at any point in the future.
My second idea was a message dead drop. A user could anonymously leave a message that could later be retrieved by another person. As soon as the message was retrieved it would be deleted from the database it was stored on so it could only be viewed once. The database stores it completely encrypted as well as the message ID being decrypted. Looking at the database it would be impossible for even me to tell you who left which message. This uses 2, 32bit keys. The person who would like to retrieve the message must have both keys. Having just one key will not help at all in finding or decrypting the message as a one way hash of the complete 64 bit key is used to retrieve the message from the database in the first place.
Writing this encryption software was fun and educational. I currently do not have any plans to use this beyond creating this example.