17.3.4     Basic symmetric encryption in action: str_rot13()

This is NOT the latest copy of this book; click here for the latest version.

Symmetric encryption in PHP is very easy to get started first, so we will be looking at it first using the ROT13 algorithm. The ROT13 algorithm is not very secure - the algorithm is probably the most widely know encryption method around, and it can be decrypted by anybody just using pencil and paper. However, that does not make it useless, as ROT13 is very popular as an "obfuscator". For example, web sites that include sensitive information, such as information about the ending of a movie that many will not have seen yet, often ROT13 their information. Because of this, readers are just one click away from reading the spoilers, but they cannot read it by accident by just looking at the screen.

PHP gives you access to the ROT13 algorithm through the function str_rot13() - it takes just one parameter (the string to encrypt), and returns the encrypted version. Take a look at this example:

That script outputs "Uryyb, jbeyq!", as expected. There are three key things to note with that output - firstly, because every letter is simply shifted thirteen places to the right in the alphabet, double letters like the "ll" in "Hello" are glaring obvious. Secondly, the frequency that letters appear in English is not uniform - E appears approximately 60 times more often than Q, twice as often as S, and four times as often as M and H. Using knowledge of English letter frequencies, it is easy to decrypt any message that uses such simple encryption.

Finally, note that symbols (and also numbers) are left as-is using ROT13, which makes it useless for encrypting numeric messages.