Burada yapmaya çalıştığım şey, aynı girdiyi her çağrıldığında tamamen farklı bir çıktıya şifreleyen bir işlev oluşturmak. Bu işlevin temeli XOR'dur, ancak dizgideki tekrarlayan desenlerin kolayca fark edilmesini önlemek için zamana dayalı rastgele bir özet ve kendi kendini doğrulama için bir dizgi bölümü ekledim.
All I am asking is whether I made any mistakes here that could reveal the hidden text to an experienced person without brute-forcing the string. (I know that PHP has a module just for encryption, but this is a poor man's version in case the encryption module is not available.) Second: I am not asking you to rewrite these functions or to write something for me; what I am asking for is simple guidance on what I have done wrong. I know that one possible security breach is that I use salsa by default, which is all zeros for an empty string, but the advantage is that this is the longest hash available in PHP, and second, what fool will use an empty password to protect their data?
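/**
 * Obfuscate $str with a password-derived, repeating XOR key.
 *
 * Output layout before the outer XOR: 20-byte nonce, then the deflated
 * input XORed with the repeated nonce, then the raw SHA-1 of everything
 * before it. The whole buffer is finally XORed with the repeated digest
 * of the password.
 *
 * SECURITY (review): this is obfuscation, not encryption.
 *  - The key stream is one digest repeated, so it cycles every
 *    strlen(digest) bytes and is identical for every message sent under
 *    the same password; known or guessable bytes of the buffer give away
 *    the matching key bytes.
 *  - The SHA-1 trailer is an unkeyed checksum, not a MAC: it detects
 *    accidental corruption only.
 *  - A single unsalted hash of the password is not a password KDF.
 *  Where the sodium or openssl extension is available, use an
 *  authenticated cipher from it instead of this function.
 *
 * @param string       $str  Data to protect.
 * @param string       $pass Password; hashed to form the XOR key.
 * @param string|false $hmac When not false, used as the HMAC key and
 *                           the XOR key becomes hash_hmac($meth, $pass, $hmac).
 * @param string       $meth hash() algorithm name. The default 'salsa20'
 *                           was removed from hash() in PHP 5.4, so pass an
 *                           algorithm the running PHP supports.
 * @return string|false Binary string, or false when the algorithm is not
 *                      available or compression fails.
 */
function crapt($str,$pass,$hmac = false,$meth = 'salsa20') {
    // hash() rejects unknown names (warning + false before PHP 8,
    // ValueError from PHP 8); the original then divided by strlen('') below.
    $known = ($hmac !== false && function_exists('hash_hmac_algos'))
        ? hash_hmac_algos()
        : hash_algos();
    if (!in_array(strtolower((string)$meth), $known, true)) {
        return false;
    }

    $hash = pack('H*', ($hmac === false) ? hash($meth, $pass) : hash_hmac($meth, $pass, $hmac));
    if ($hash === '') {
        return false;
    }

    $str = gzdeflate($str, 9);
    if ($str === false) {
        return false;
    }

    // Per-message nonce. The original derived it from sin(microtime()),
    // which is guessable from the time of the call; prefer the CSPRNG and
    // keep the old derivation only where random_bytes() does not exist.
    // Both produce 20 bytes, so the output format is unchanged.
    $tmphash = function_exists('random_bytes')
        ? random_bytes(20)
        : pack('H*', sha1((string)sin(microtime(true))));

    // Integer repeat counts: passing a fractional float to str_repeat()
    // is deprecated in current PHP. The XOR result is as long as the
    // shorter operand, so one extra repetition is always enough.
    $str = $tmphash . ($str ^ str_repeat($tmphash, (int)(strlen($str) / strlen($tmphash)) + 1));

    // Unkeyed checksum over nonce + masked payload (see SECURITY above).
    $str .= pack('H*', sha1($str));

    return $str ^ str_repeat($hash, (int)(strlen($str) / strlen($hash)) + 1);
}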
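/**
 * Reverse crapt(): strip the password-derived XOR layer, verify the
 * trailing SHA-1, strip the nonce XOR layer and inflate the payload.
 *
 * SECURITY (review): the trailing SHA-1 is an unkeyed checksum under a
 * repeating XOR key stream, so a passing check does not prove that the
 * data came from someone who knows the password. Treat the returned
 * plaintext as untrusted. gzinflate() is also called without a length
 * limit, so a small input can expand to a very large result.
 *
 * @param string       $str  Output of crapt().
 * @param string       $pass Password used when encoding.
 * @param string|false $hmac Same value that was passed to crapt().
 * @param string       $meth Same hash() algorithm that was passed to
 *                           crapt(). The default 'salsa20' was removed
 *                           from hash() in PHP 5.4.
 * @return string|false The original data, or false when the algorithm is
 *                      unavailable, the input is too short, the checksum
 *                      does not match, or inflation fails.
 */
function decrapt($str,$pass,$hmac = false,$meth = 'salsa20') {
    // Refuse unknown algorithms up front: hash() would warn and return
    // false (before PHP 8) or throw ValueError (PHP 8), and an empty key
    // makes the repeat-count division below divide by zero.
    $known = ($hmac !== false && function_exists('hash_hmac_algos'))
        ? hash_hmac_algos()
        : hash_algos();
    if (!in_array(strtolower((string)$meth), $known, true)) {
        return false;
    }

    $hash = pack('H*', ($hmac === false) ? hash($meth, $pass) : hash_hmac($meth, $pass, $hmac));
    if ($hash === '') {
        return false;
    }

    // A valid message holds at least the 20-byte nonce and the 20-byte
    // checksum; anything shorter (including false from a failed crapt())
    // cannot verify.
    $str = (string)$str;
    if (strlen($str) < 40) {
        return false;
    }

    // Integer repeat counts: a fractional float argument to str_repeat()
    // is deprecated in current PHP.
    $str = $str ^ str_repeat($hash, (int)(strlen($str) / strlen($hash)) + 1);

    $check = substr($str, -20);
    $str = substr($str, 0, strlen($str) - 20);

    // Compare in constant time where hash_equals() exists so the check
    // does not reveal how many leading bytes matched.
    $expected = pack('H*', sha1($str));
    $valid = function_exists('hash_equals')
        ? hash_equals($expected, $check)
        : ($expected === $check);
    if (!$valid) {
        return false;
    }

    $tmphash = substr($str, 0, 20);
    $str = substr($str, 20);

    return gzinflate($str ^ str_repeat($tmphash, (int)(strlen($str) / strlen($tmphash)) + 1));
}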
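// Round-trip self-test. The algorithm is passed explicitly because the
// functions' default, 'salsa20', was removed from hash() in PHP 5.4 and
// the call fails on any later PHP. Expected output: string(8) "sometext".
var_dump(
    decrapt(
        crapt('sometext', 'secretpassword', false, 'sha256'),
        'secretpassword',
        false,
        'sha256'
    )
);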