I still remember the first time I had to “encrypt” a string for a legacy integration. It wasn’t cryptography; it was an idiosyncratic transformation the downstream system expected. That kind of problem is more common than you’d think: data pipelines that require reversible obfuscation, telemetry fields that need to be masked before logging, or migration scripts that must match a historical encoding rule. When I see a spec that says “reverse the string, replace vowels with numbers, append a fixed suffix,” I don’t reach for a crypto library—I reach for clear, fast, testable string transformations.
In this post, I’ll show you how I implement a custom string encryption algorithm in Python that follows a simple rule set: reverse the input, map vowels to digits, then append a fixed string. You’ll get two full implementations (regex-based and list-comprehension-based), learn where each shines, and see how to handle edge cases, performance, and maintainability in 2026-grade codebases. I’ll also call out common mistakes I’ve seen in production and how I avoid them.
The Algorithm, Stated Clearly
The algorithm we’re implementing is intentionally simple:
1) Reverse the input string.
2) Replace vowels according to a mapping: a→0, e→1, i→2, o→2, u→3.
3) Append the fixed suffix "aca" to the end.
This is not cryptography. It’s deterministic string transformation. You should treat it as encoding or obfuscation, not security. In my experience, the danger is less about correctness and more about silent mismatches—if your mapping or order of steps is even slightly off, downstream systems will reject the data.
To make this concrete, the string "banana" becomes:
- Reverse: "ananab"
- Replace vowels: "0n0n0b"
- Append suffix: "0n0n0baca"
Now let’s implement it the right way.
A Straightforward Python Baseline
When I need a canonical version to test against, I start with a minimal, readable function. It’s not the fastest, but it’s easy to verify and compare against other implementations.
def encrypt_string(text: str) -> str:
mapping = {
"a": "0",
"e": "1",
"i": "2",
"o": "2",
"u": "3",
}
reversed_text = text[::-1]
transformed = "".join(mapping.get(ch, ch) for ch in reversed_text)
return transformed + "aca"
if name == "main":
print(encrypt_string("banana")) # 0n0n0baca
This is often enough, but when I’m working in a codebase where performance and clarity both matter, I reach for specific patterns: either re.sub() with a mapping or a list comprehension that’s easy to JIT in my head.
One thing I like about this baseline is that it documents the algorithm implicitly: you can read top to bottom and see the steps. If I’m onboarding someone, I start here and then show the optimized variants.
Approach 1: Regex Replacement with re.sub
Regular expressions are a sharp tool. I use them when the replacement rules are set-based and I want one pass through the string with direct mapping. In this case, re.sub() is a strong fit.
import re
VOWEL_MAP = {
"a": "0",
"e": "1",
"i": "2",
"o": "2",
"u": "3",
}
VOWEL_PATTERN = re.compile(r"[aeiou]")
def encryptstringregex(text: str) -> str:
reversed_text = text[::-1]
# Replace only vowels; leave other characters unchanged
replaced = VOWELPATTERN.sub(lambda m: VOWELMAP[m.group(0)], reversed_text)
return replaced + "aca"
if name == "main":
print(encryptstringregex("banana")) # 0n0n0baca
Why I like this:
- The intent is obvious: only vowels change.
- It stays fast for large strings because there’s no repeated search/replace per vowel.
- It’s easy to expand if the mapping or pattern changes.
When I’m working with long text (tens of thousands of characters) in ETL jobs, this approach typically runs in the low milliseconds range on a modern laptop for each string chunk, assuming Python 3.12+.
One nuance: I avoid re.sub with a string replacement list or a chain of multiple replace() calls. The re.sub approach gives me one scan, one replacement pipeline, and a single place to define the rules.
Approach 2: List Comprehension (My Default)
If I want clarity and speed without bringing in regex, I use a list comprehension. It’s simple, predictable, and easy to test.
VOWEL_MAP = {
"a": "0",
"e": "1",
"i": "2",
"o": "2",
"u": "3",
}
def encryptstringcomp(text: str) -> str:
reversed_text = text[::-1]
# Build a list of transformed characters, then join
transformedchars = [VOWELMAP.get(ch, ch) for ch in reversed_text]
return "".join(transformed_chars) + "aca"
if name == "main":
print(encryptstringcomp("banana")) # 0n0n0baca
In my experience, this tends to be slightly faster than regex for shorter strings and comparable for mid-size strings. It also avoids regex overhead and keeps dependencies minimal.
I also like that it’s easy to explain in plain English: reverse, then map each character, then join. That story matters when you’re writing a code review summary or a docstring.
Traditional vs Modern in 2026: How I Choose
In 2026, I don’t write for today only—I write for the team that will maintain it next quarter. Here’s how I decide between approaches.
Modern Approach
—
replace() calls in a loop Single pass with list comprehension or re.sub()
"".join(...) for linear-time joining
Unit tests for edge cases and regression checks
Module-level constants with clear naming
Optional sanitization and casing rulesI treat “modern” as “clear, testable, and efficient.” Most of the time, that means a list comprehension with constants defined at module scope.
Edge Cases I Always Consider
When this kind of algorithm ships to production, weird inputs happen. These are the cases I test before I trust the function:
1) Empty string
– Input: ""
– Output should be just the suffix: "aca"
2) Uppercase vowels
– If your spec doesn’t mention uppercase, decide explicitly. I prefer to preserve case by default (meaning uppercase vowels are left unchanged) unless the spec says otherwise. If needed, you can normalize to lowercase first.
3) Non-ASCII characters
– If your input includes accented vowels like “á,” decide if they should be mapped. The default mapping won’t touch them.
4) Punctuation and numbers
– They should remain unchanged.
Here’s how I bake these into tests:
import pytest
from encryptor import encryptstringcomp
def testemptystring():
assert encryptstringcomp("") == "aca"
def testsimpleword():
assert encryptstringcomp("banana") == "0n0n0baca"
def testuppercasevowels():
assert encryptstringcomp("AEIOU") == "UOIEAaca"
def testmixedcharacters():
assert encryptstringcomp("Room 42!") == "!24 m002Raca"
That last test is a sanity check that numbers and punctuation stay intact. The input is reversed, vowels mapped, and suffix added.
I’ll also add a test for whitespace-only input and a test for strings with emojis. They should pass through unchanged except for the reversal and suffix.
Handling Uppercase and Locale-Specific Rules
Sometimes a spec says “replace vowels,” without clarifying case. I recommend deciding and documenting it clearly. If you must treat uppercase vowels the same way, I do this:
VOWEL_MAP = {
"a": "0",
"e": "1",
"i": "2",
"o": "2",
"u": "3",
"A": "0",
"E": "1",
"I": "2",
"O": "2",
"U": "3",
}
def encryptstringcaseaware(text: str) -> str:
reversed_text = text[::-1]
transformedchars = [VOWELMAP.get(ch, ch) for ch in reversed_text]
return "".join(transformed_chars) + "aca"
For locale-specific vowel lists (say, including “y” or accented characters), I extend the mapping and update tests. I avoid normalizing Unicode unless the spec demands it, because normalization can shift characters in ways that surprise downstream systems.
Performance Notes from Real Codebases
I’ve benchmarked these approaches in data pipelines and API services. Typical outcomes on a modern laptop with Python 3.12+:
- List comprehension: often 10–20% faster for short strings (tens to hundreds of characters).
re.sub(): comparable for medium strings, sometimes faster for very long strings due to C-optimized regex engine.- Multiple
replace()calls: usually slower and easy to get wrong.
If you’re encrypting a single string on a web request, either approach is fine. If you’re encrypting millions of rows in a batch job, the list comprehension tends to win because it keeps Python overhead low.
I also measure memory behavior when processing very large strings. Both approaches are linear in memory because they build a new string. If you need to process gigabytes of data, I switch to streaming or chunked processing (more on that later).
Common Mistakes I See (and How You Should Avoid Them)
1) Applying replacements before reversing
– The algorithm says reverse first, then replace. If you do it in the other order, you’ll get different results when vowels appear in symmetric positions.
2) Using str.replace() repeatedly
– That leads to multiple passes through the string, and it’s easy to miss the correct order or mapping.
3) Overlooking the fixed suffix
– It sounds trivial, but I’ve seen production bugs where the suffix was appended before replacement, changing outputs.
4) Implicitly lowercasing inputs
– If you don’t document this, you’ll get bug reports the moment someone passes “Banana.”
5) No tests for empty strings and punctuation
– These are easy to overlook and often the first inputs that break in production.
6) Using mutable global state
– If you reassign the mapping at runtime, concurrent requests can get inconsistent results.
7) Forgetting that the mapping is not injective
– If the algorithm is used as “encryption,” someone will eventually ask for decryption, and you’ll have to explain why it’s lossy.
When You Should Use This Algorithm
I use this kind of deterministic transformation for:
- Legacy system compatibility when the receiving side expects a specific encoding.
- Obfuscating identifiers in logs where true encryption isn’t required.
- Toy problems for onboarding or interview exercises.
- Lightweight transformations for local cache keys or filenames.
It’s especially handy when you need predictability and don’t want to pull in heavy dependencies. It also provides a nice entry point for junior engineers to learn about transformation pipelines without getting lost in cryptography.
When You Should Not Use It
If your goal is security, this is not encryption. It’s a reversible, predictable mapping. For any real security use case, I use modern cryptographic libraries such as cryptography with authenticated encryption (AES-GCM or ChaCha20-Poly1305). I do not use custom string manipulation for secrets.
I also avoid it when the system you integrate with is unstable or undocumented. If the spec can change, you need a configuration-driven approach that lets you update mappings without redeploying code.
A Robust, Production-Ready Implementation
Here’s how I’d package it in a real module, with explicit options and tests in mind:
from dataclasses import dataclass
from typing import Mapping
@dataclass(frozen=True)
class StringEncryptor:
mapping: Mapping[str, str]
suffix: str = "aca"
def encrypt(self, text: str) -> str:
reversed_text = text[::-1]
transformed = "".join(self.mapping.get(ch, ch) for ch in reversed_text)
return transformed + self.suffix
DEFAULT_MAPPING = {
"a": "0",
"e": "1",
"i": "2",
"o": "2",
"u": "3",
}
if name == "main":
encryptor = StringEncryptor(mapping=DEFAULT_MAPPING)
print(encryptor.encrypt("banana")) # 0n0n0baca
Why I use a dataclass:
- It makes configuration explicit and testable.
- It keeps the API clean if I add options later.
- It avoids global state in bigger systems.
In a real service, I might load the mapping and suffix from a config file or environment variables and pass them into StringEncryptor at startup.
A Quick Visual Trace for Debugging
When debugging, I prefer a trace that shows each step in a readable way. I’ll add a helper like this (and remove it after I’m done):
def debug_encrypt(text: str) -> None:
mapping = {"a": "0", "e": "1", "i": "2", "o": "2", "u": "3"}
reversed_text = text[::-1]
transformed = "".join(mapping.get(ch, ch) for ch in reversed_text)
result = transformed + "aca"
print(f"input: {text}")
print(f"reversed: {reversed_text}")
print(f"transformed:{transformed}")
print(f"result: {result}")
if name == "main":
debug_encrypt("banana")
This type of small debugging helper is a fast way to verify algorithm steps with stakeholders who might not read code, especially when the mapping changes.
Extending the Algorithm Safely
If you ever need to extend the mapping (for example, mapping consonants too), keep these rules in mind:
- Always update tests first. If a spec changes, your old outputs become invalid.
- Keep the mapping in one place. Do not scatter logic across functions.
- Prefer explicit mapping to ad-hoc logic. It makes code reviews far easier.
Here’s how I’d extend the mapping without changing the function structure:
EXTENDED_MAPPING = {
"a": "0",
"e": "1",
"i": "2",
"o": "2",
"u": "3",
"b": "4",
"c": "5",
}
def encrypt_extended(text: str) -> str:
reversed_text = text[::-1]
transformed = "".join(EXTENDEDMAPPING.get(ch, ch) for ch in reversedtext)
return transformed + "aca"
The function doesn’t change—only the mapping does. That’s a strong sign your design is correct.
Practical Integration Patterns I Use in 2026
In modern Python codebases, I typically integrate this logic in one of two ways:
1) As a small utility in a data pipeline
– I expose encrypt_string(text: str) -> str in a module and call it directly in a transform step.
2) As a dependency-injected component
– I use a class with a mapping and suffix passed in via configuration, which lets me keep environment-specific changes outside the code.
If the code lives in a service, I add a few tests and a small benchmark to ensure performance doesn’t regress. I’ve also used type checking (mypy or pyright) to enforce that the encryptor always receives strings. It prevents subtle bugs when input types change in ETL pipelines.
A Small Benchmark Script (Optional)
When performance matters, I run a quick benchmark. You can drop this into a scratch file to compare approaches:
import time
import re
text = "banana" * 10000
VOWEL_MAP = {"a": "0", "e": "1", "i": "2", "o": "2", "u": "3"}
pattern = re.compile(r"[aeiou]")
def encrypt_regex(t: str) -> str:
r = t[::-1]
return pattern.sub(lambda m: VOWEL_MAP[m.group(0)], r) + "aca"
def encrypt_comp(t: str) -> str:
r = t[::-1]
return "".join(VOWEL_MAP.get(ch, ch) for ch in r) + "aca"
for func in (encryptregex, encryptcomp):
start = time.perf_counter()
for _ in range(100):
func(text)
end = time.perf_counter()
print(func.name, end - start)
I’m not giving you exact numbers because they vary by machine, Python version, and input size, but expect list comprehension and regex to be in the same ballpark, usually within a small factor of each other.
A Note on Reversibility
This algorithm is reversible if and only if the mapping is injective and the suffix is fixed and known. Here, the mapping isn’t injective because both “i” and “o” map to “2,” so you cannot perfectly recover the original string. If you ever need reversibility, choose a one-to-one mapping and ensure the suffix doesn’t conflict with legitimate content.
If the spec doesn’t care about reversibility, then this is fine. But if you need to decrypt later, this algorithm won’t work as-is.
Real-World Scenarios I’ve Used This For
- A data migration where a legacy system required a “masked” field format.
- Logging pipelines that need deterministic but human-unreadable values.
- Teaching junior engineers about string manipulation and transformation pipelines.
- A lightweight validation where downstream expects a specific suffix after encoding.
When the problem is simple, I keep the solution simple too. That’s the difference between code that ships and code that just looks clever.
Key Practices I’d Like You to Adopt
I’ll wrap with a set of habits that have saved me time and bugs:
- Make the algorithm steps explicit. I always name
reversed_textandtransformedso the pipeline is visible in code. - Put mappings at module scope. It keeps configuration obvious and avoids repetition.
- Prefer single-pass transformations. It reduces time complexity and cognitive load.
- Test inputs you don’t expect. Empty strings and punctuation are the first real-world failures.
- Document casing rules. You’ll avoid unnecessary bug tickets.
From here, I want to go deeper into practical design decisions that come up when this algorithm is used beyond toy examples.
Step-by-Step Walkthrough with a Non-Trivial Input
Let’s walk through a more complex example so you can see every transformation. I’ll use this input:
"Room 42!"
Step 1: Reverse the input
- Result: "!24 mooR"
Step 2: Replace vowels (a→0, e→1, i→2, o→2, u→3)
- The vowels in the reversed string are the two "o" characters.
- Result: "!24 m002R"
Step 3: Append the suffix "aca"
- Result: "!24 m002Raca"
I always do this walkthrough at least once before I finalize an implementation, because it forces me to apply the rules exactly as written. It’s also useful for explaining the algorithm to someone who doesn’t want to read code.
Designing for Testability
Whenever I treat this algorithm as production code, I design tests that do more than check the happy path. I want tests that tell me when someone changes an assumption.
Here’s the test matrix I use in practice:
- Empty string
- Single vowel
- No vowels
- Mixed case
- Numbers and punctuation
- Unicode (emoji, accented letters)
- Long string
An example test suite extension might look like this:
def testsinglevowel():
assert encryptstringcomp("a") == "0aca"
def testnovowels():
assert encryptstringcomp("rhythm") == "mhtyhraca"
def test_emoji():
assert encryptstringcomp("hi🙂") == "🙂2haca"
def testlonginput():
text = "banana" * 1000
result = encryptstringcomp(text)
assert result.endswith("aca")
assert len(result) == len(text) + 3
I like tests that check structural properties too, such as length and suffix. That way, if someone refactors the code and accidentally changes the suffix or reorders steps, a test will fail even if a single example output still matches.
Alternative Implementations (When Constraints Change)
Sometimes I have to implement the same algorithm under constraints like “no regex,” “streaming input,” or “operate on bytes.” Here are some variants I’ve used.
Using translate() for speed
Python’s str.translate is great when you have a direct 1:1 mapping. It doesn’t apply here because our mapping is not a full translation table (and we only want vowels), but you can still make it work if you build a translation table for all 256 possible characters or for a Unicode subset. I rarely do this because it’s more complex and less readable, but it’s an option when performance is the only concern.
TRANSLATION_TABLE = str.maketrans({
"a": "0",
"e": "1",
"i": "2",
"o": "2",
"u": "3",
})
def encryptstringtranslate(text: str) -> str:
reversed_text = text[::-1]
return reversedtext.translate(TRANSLATIONTABLE) + "aca"
Using a generator for lower memory pressure
If you need to process extremely large strings, a generator can help reduce intermediate allocations. It still builds the final string, but the transformation is streamed.
def encryptstringgen(text: str) -> str:
reversed_text = text[::-1]
transformed = (VOWELMAP.get(ch, ch) for ch in reversedtext)
return "".join(transformed) + "aca"
It’s not always faster, but it can be clearer when you want to highlight the transformation as a pipeline.
Byte-level version for binary protocols
If you’re working with bytes instead of Unicode strings, you can do a similar mapping with bytes.translate and a manual reversal. I only do this when the input is truly bytes and not just encoded text, because mixing byte-level and string-level logic leads to bugs.
Streaming and Large Inputs
The algorithm as written assumes you have the full string in memory. That’s fine for most use cases, but if you’re processing a file that’s hundreds of megabytes, you need to rethink it.
The tricky part is the reversal. Reversing a stream means you need the whole data to reverse it. If you must support streaming, you have two options:
1) Read the entire input into memory, reverse, then transform.
2) Process in chunks but store them, then output in reverse order.
In other words, streaming reversal is inherently memory-heavy. If I need to handle massive inputs, I usually do chunked reading into a list, then reverse the list of chunks, then reverse each chunk. It’s more complex, but it keeps memory bounded and avoids holding multiple full copies of the string.
Unicode and Normalization Considerations
Strings in Python are Unicode. That’s usually a feature, but it can surprise you if you’re not careful.
- Accented vowels (like “á”) are not in the mapping by default.
- Unicode normalization can turn a single character into a base letter plus a combining mark.
If the spec says “map vowels,” I clarify whether that includes accented vowels. If it does, I add them explicitly to the mapping and extend my tests. If it doesn’t, I leave them untouched. The worst thing you can do is implicitly normalize or strip accents without telling anyone.
A CLI Wrapper for Quick Manual Use
Sometimes I want to test the algorithm quickly from the command line without writing a script. I’ll use a small CLI wrapper. It’s a practical addition and shows how to structure your code for reuse.
import argparse
def main() -> None:
parser = argparse.ArgumentParser(description="Encrypt a string with a custom rule set")
parser.add_argument("text", help="Input string to encrypt")
args = parser.parse_args()
print(encryptstringcomp(args.text))
if name == "main":
main()
This is especially useful if you’re validating the outputs with someone from another team. You can send them the script and they can run it without touching the code.
Defensive Programming: Type and Input Validation
In production services, I don’t assume the input is a string. Data pipelines can send None, numbers, or objects. Here’s the light-weight validation I sometimes add:
def encryptstringsafe(text: str) -> str:
if text is None:
raise ValueError("text must not be None")
if not isinstance(text, str):
raise TypeError(f"text must be str, got {type(text).name}")
reversed_text = text[::-1]
transformed = "".join(VOWELMAP.get(ch, ch) for ch in reversedtext)
return transformed + "aca"
I keep this separate from the core function so I don’t burden every call with type checks unless I really need it.
Observability and Debugging in Services
If the algorithm runs inside a service, I add minimal observability that doesn’t leak sensitive information. For example:
- Log the input length, not the input content.
- Log whether a transformation succeeded.
- Track latency for the transformation step if it’s on a critical path.
I avoid logging actual transformed outputs unless the data is explicitly non-sensitive. This is a transformation, not encryption, and anyone with the rules can reverse the process.
Why Order Matters (More Than It Seems)
Reversing first vs replacing first seems like a minor detail, but it changes the output. The reversal changes the position of the vowels before mapping, and a mapping that isn’t one-to-one can affect reconstruction if any downstream system attempts to verify a hash of the transformed output.
A simple rule I follow: never reorder steps without re-reading the spec and updating tests. If I do need to change order, I version the algorithm and keep both implementations during a transition period.
Example: Versioned Implementation for Safe Migration
If a system is already using the old algorithm and you need to change it, I use versioned functions or a strategy pattern:
class EncryptorV1:
def encrypt(self, text: str) -> str:
r = text[::-1]
t = "".join(VOWEL_MAP.get(ch, ch) for ch in r)
return t + "aca"
class EncryptorV2:
def encrypt(self, text: str) -> str:
# Example of a new mapping or suffix
r = text[::-1]
t = "".join(VOWEL_MAP.get(ch, ch) for ch in r)
return t + "xyz"
This makes it easier to migrate gradually, especially if multiple systems are involved.
A Simple Decryption Attempt (Why It Fails)
People often ask for a reverse function. I’m transparent: with the current mapping, it’s impossible to reconstruct the original string because both “i” and “o” map to “2.”
If you still want a “best effort” reverse, it would look like this: strip the suffix, replace digits with a representative vowel, then reverse. But this is lossy by design. I include a note like this in documentation so no one assumes decryption is possible.
Practical Scenarios: Decision Rules I Use
When I integrate this algorithm, I ask myself these questions:
- Is the mapping fixed or configurable?
- Do I need to treat uppercase vowels?
- Is the suffix fixed across environments?
- Does any downstream system expect a specific prefix or metadata?
- Do I need to log or validate transformed strings?
My answers to these questions shape the final code structure more than the algorithm itself.
Production Considerations: Deployment and Monitoring
Even small utilities can cause large incidents if they’re in a hot path. In a service, I add a feature flag so I can switch the transformation off or change the mapping in an emergency.
I also keep a tiny health check or smoke test that runs on deploy: encrypt a fixed string and compare to the expected output. It’s a one-line check that can prevent a broken deployment from going live.
A Comparison of Implementation Styles (Readability vs Performance)
Here’s a quick, qualitative comparison I use internally:
Readability
Flexibility
—
—
High
Medium
re.sub() Medium
High
translate() Medium
Low
replace() Low
Low
I care most about readable, maintainable code. The speed difference between the top two approaches rarely matters unless you’re in batch processing at scale.
A Minimal Documentation Snippet I Include in Repos
I like to include a short docstring or README snippet alongside the code, because most bugs come from misunderstanding the order of operations:
Algorithm:
1) Reverse the input string.
2) Replace vowels: a->0, e->1, i->2, o->2, u->3.
3) Append the suffix "aca".
Note: This is a deterministic transformation, not encryption.
Keeping this near the code saves me time during on-call incidents when someone asks, “why does this output look like that?”
Troubleshooting Checklist
If something doesn’t match expected output, I run through this checklist:
- Did I reverse before replacing?
- Are uppercase vowels supposed to map?
- Is the suffix correct and appended last?
- Did I accidentally trim whitespace?
- Is the input already transformed?
- Are there locale-specific characters that the mapping should include?
This list has saved me multiple times, especially when the bug is “works in dev but not in prod.”
FAQ (Based on Real Questions I’ve Received)
Q: Can I add a prefix instead of a suffix?
Yes, but only if the spec allows it. If it does, add it after the transformation step so the prefix is not affected by reversal or mapping.
Q: Why not just use base64 or hashing?
Base64 is encoding, not transformation, and hashing is one-way. This algorithm is about matching a legacy spec, not security or compression.
Q: Is reversing required?
Yes, if the spec says so. If you skip reversal, you are not following the defined algorithm.
Q: Can I use this for passwords?
No. This is not cryptographic encryption and should never be used to protect secrets.
Final Thoughts
If you take one thing from this post, let it be this: clarity wins. A simple algorithm can still cause real problems if its steps are poorly implemented or inconsistently applied. I write this kind of transformation as a small, well-tested utility with explicit steps, a stable mapping, and a visible suffix rule. That’s how I avoid costly mismatches and keep the code future-proof.
When you need to “encrypt” a string according to a specific rule set, treat it as a data transformation problem. Build it like you’d build any other critical piece of plumbing: clear steps, predictable output, and tests that catch mistakes early. That’s how you ship code you can trust.
