A Follow-up to Encrypting the Information Passed through the QuerystringBy Derrick
Due to popular demand (by the crypto guys, out there)....
I've added a 'one time pad' to the Encrypted QueryString routine that I wrote a few days ago. The script uses a database to log and assign individual keys to each user and their actions. The script should be 99.9% secure for the exercises that we'll probably need to use it for - but for the real die hard cryptologists out there, you'd need to store every single KEYSTREAM and insure that any new key generated does not have the same seed as one previously generated.
This is easy enough to check - but in our example, I'd imagine would start to fill up your database fairly quickly - so not really worth it. The randomness of the existing KEYSTREAM should be more than enough of a deterrant.
I've now simplified the file system to just 3 files, making it easier to manage.