PHP Classes

do not get it

Recommend this page to a friend!

      PHP Mx Gram  >  All threads  >  do not get it  >  (Un) Subscribe thread alerts  
Subject:do not get it
Summary:I have some questions
Messages:4
Author:Till Wehowski
Date:2018-01-23 04:26:04
 

 


  1. do not get it   Reply   Report abuse  
Picture of Till Wehowski Till Wehowski - 2018-01-23 04:26:04
Hi Luciano,
first I considered to vote for your class for the award, but I have some questions and demand on clearification:

1) In the descritption you write: "Only can read the messages users included in email friends list" but in the example I find

$data = $mxGram->decryptMedia($imageCode);
... if(strtolower($eachFriend)==strtolower($arrFriends[$i])) $emailMatch = true;
}
if(isset($eachFriend) && isset($arrData['friends']) && $emailMatch) {
....
if(isset($arrData['expires']) && ($arrData['expires'] == 0 || $arrData['expires'] > time())) {
...

In wich way the recipient and the time is part of the encryption, I do not see it, the check for time/recipient relies on the implementor, thats far away from encryption, and
although I am not an encryption-expert your Encrypt-Method look close to a cesar-like to me?

2) One thing I have like to ask: If I store encrypted data on one image, will I "see" any change "visually" on the picture?
---

There is a class called "Stegger" on this site, how does your class compare to it, what are the differences?

  2. Re: do not get it   Reply   Report abuse  
Picture of Luciano Salvino Luciano Salvino - 2018-01-23 11:30:33 - In reply to message 1 from Till Wehowski
Hi Till!
Thanks to consider my class for voting.

First of all, my class don't use steganogram method, you have to see it more like a colored QR code when you can add more information than a simple url. Thats is the most important diference compare to Stegger or any other.
The package is simple, you write a message add email recipient list and define time for expiration. It encodes the message and then each letter of the encoded message is converted to an hex color that will filling the image pixel by pixel.
You can try the demo on my site http://mxgram.mueveloz.com

For the question 1, yea you have to decrypt all the message to read the recipient list and expiration time. But you can do it separated. Create 2 encrypted messages, one for recipient lists and expiration and another for the message itself. Both with different encoding

Question 2 is answered before, you don't add dato to an image, you create an image

Regards,
Luciano



  3. Re: do not get it   Reply   Report abuse  
Picture of Till Wehowski Till Wehowski - 2018-01-23 18:43:01 - In reply to message 2 from Luciano Salvino
Hi Luciano,
thank you for your explanation! Now I understood it better, tried the examples and your demo and it works.

So, to save the data in image is not about the encryption, it is just the storage method to store an encrypted data?
You could as well store the encrypted message in any other type of file, is this correct?
(But the image makes the message more "nice and portable"?)

Some suggestion:
- You could add the possibillity to choose a custom "general_token" key by the user filling the form/encrypting the message (The Initial key in the class has invalid keylength?!)
- If anyone get the image and knows the recipient and your upload formula he can decrypt the message?
- You could think about to implement asnchronous encryption (e.g. like RSA), as the implementation is about sending emails you could use common standards for signing the mails or use an PKI for your users, ... ?
"unbreakable secret messages", well I cannot check and verify this now ;-)

But all in all, it is a nice package!

Greetings,
Till

  4. Re: do not get it   Reply   Report abuse  
Picture of Luciano Salvino Luciano Salvino - 2018-01-24 11:07:03 - In reply to message 3 from Till Wehowski
Hi Till,

you are right, it's a very beauty way to store data =D
I think "You can hide your message by showing it to everybody" (in a different way of course)

The first version of the package generates a userId for each user and then creates an userToken from userId

Yea, if someone know thats parameters can decrypt the message, maybe you can add a password for each destinatary...

Well everything is breakable, but the slogan is powerful, don't you think? =P

Thanks for taking your time to see my package and I'm glad you like it

Regards,
Luciano