Note that using a one time pad for a string, it is secure for only one use. If you were to reuse the one-time
pad for multiple strings, the one-time pad could be comprimised by running the following algorithm:
If the key is reused, we can take CypherText1 (which is really
ClearText1 XOR key) and XOR it to the original known text and get the Key:
Key = (ClearText1 XOR key) XOR ClearText1
this is CypherText1 *
* algorithm provided by David Mann
Therefore, I have included some new code to create a new key everytime the code is executed.
It basically writes a new key file out every time the page runs. The 'key file' consists of a randomly
generated filename, and the key data is stored inside of it. The newly created key is used to encrypt/decrypt
the string data on the fly. If you were not encrypting/decrypting on the fly, you would want to store the
encrypted data and location of the key file that encrypted that data.
Optionally, as Derrick suggests in his article, you could store all of
this data in a secure database, instead of writing out text files. In seems however, you might not want key
information and encrypted data stored in the same location for security purposes. That's up to you.
Some of the products that appear on this site are from companies from which QuinStreet receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. QuinStreet does not include all companies or all types of products available in the marketplace.