|
/** |
|
* Method to encrypt a data string. |
|
* |
|
* @param string $data The data string to encrypt. |
|
* @param JCryptKey $key The key[/pair] object to use for encryption. |
|
* |
|
* @return string The encrypted data string. |
|
* |
|
* @since 12.1 |
|
* @throws InvalidArgumentException |
|
*/ |
|
public function encrypt($data, JCryptKey $key) |
|
{ |
|
// Validate key. |
|
if ($key->type != 'simple') |
|
{ |
|
throw new InvalidArgumentException('Invalid key of type: ' . $key->type . '. Expected simple.'); |
|
} |
|
|
|
$encrypted = ''; |
|
$tmp = $key->private; |
|
|
|
// Split up the input into a character array and get the number of characters. |
|
$chars = preg_split('//', $data, -1, PREG_SPLIT_NO_EMPTY); |
|
$charCount = count($chars); |
|
|
|
// Repeat the key as many times as necessary to ensure that the key is at least as long as the input. |
|
for ($i = 0; $i < $charCount; $i = strlen($tmp)) |
|
{ |
|
$tmp = $tmp . $tmp; |
|
} |
|
|
|
// Get the XOR values between the ASCII values of the input and key characters for all input offsets. |
|
for ($i = 0; $i < $charCount; $i++) |
|
{ |
|
$encrypted .= $this->_intToHex(ord($tmp[$i]) ^ ord($chars[$i])); |
|
} |
|
|
|
return $encrypted; |
|
} |
XORing the plaintext with str_repeat($secretkey) is worse than encrypting in ECB mode.
There is no salvaging this "encryption" code. rm it, it's not secure.
joomla-cms/libraries/joomla/crypt/cipher/simple.php
Lines 61 to 100 in ec8a72f
XORing the plaintext with
str_repeat($secretkey)is worse than encrypting in ECB mode.There is no salvaging this "encryption" code.
rmit, it's not secure.