Simple fast 2-way encryption in php

Question

I am serving a few MP3 files from my site, which are over 1 MB in size. I doubt others are hotlinking to the file because my CDN charges are going up without much difference in visits.

I am looking for a simple encryption, so that I can change the filename every 3-4 hours. I a more interested in a fast 2-way algorithm than the strength of encryption. Can someone suggest a fast encryption for this purpose.

Is encyption using mcrypt fast?

Answer 1

You could use a md3 of sha1 hash (or other one) to encrypt the date (or something like that). Encrypt the date for a string that is valid till 0:00. Use sha1(date('Y-m-d-H')) to get a new key every hour.

Someone accesses the file with http://domain.com/&^CYFG&^%U^GU^VUVUIVB/filename.zip, and you check if &^CYFG&^%U^GU^VUVUIVB equals sha1(date('Y-m-d-H')). If not, the link is old.

Answer 2

I would go with md5 with hash that changes(on interval) => http://phpsec.org/articles/2005/password-hashing.html

Answer 3

I'm unclear why you want encryption for this. It sounds like you just want a way to generate a link that isn't predictable, except by you. Taking an HMAC of a secret key, timestamp, and file identifier should do that for you. You can then make the HMAC part of the file name, along with the timestamp and file identifier. Verify them in your PHP script by computing the HMAC again and checking it against the one from the URI.

HMAC is not encryption, it's actually authentication/integrity, but its secure when used with a reasonable hash. Normally, I'd recommend SHA-256 or better, but for what you're doing MD5 sounds secure enough. Finding HMAC-MD5 code shouldn't be a problem. MD5 speed won't be a problem unless you're generating LOTS (millions per hour) of links.

(Authentication/integrity in this case means that the HMAC can only be generated by someone with your secret key as well as the public timestamp & file identifier).