encrypting with PHP

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

millerkil
Forum Newbie
Posts: 2
Joined: Mon Dec 21, 2009 7:09 pm

encrypting with PHP

Post by millerkil »

I have a question about encrypting data using PHP. I understand that if you store data in a MySQL DB, for example, encrypted in MD5 or any other encryption supported by PHP, you will be able to return the original data. It is also said it is irreversible encryption; if so, how does the server get the original value back, and if the encrypted data is salvaged by a cracker, would they not be able to decrypt it using PHP? I understand there are ways of making it more complicated to crack, but I just want to know how the encryption/decryption process works.
s.dot
Tranquility In Moderation
Posts: 5001
Joined: Sun Feb 06, 2005 7:18 pm
Location: Indiana

Re: encrypting with PHP

Post by s.dot »

md5 and other hashing algorithms are one-way, meaning they cannot be (or should not be) predictably reversible. This is called hashing. Encryption is meant to be two-way (by means of decrypting) so that data can be stored securely and retrieved in its original form.

One-way hashing is the preferred method for passwords and such because you do not need to know the original data - you only need to know if the supplied data matches the hashed data. In that case, just hash the supplied data and compare it to the already hashed stored data.
Set Search Time - A Google Chrome extension. When you search, only results from the past year (or set time period) are displayed. Helps tremendously when using new technologies to avoid outdated results.
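
The hash-and-compare flow described in the post above, next to two-way encryption, as an added example that is not part of the original thread. It uses PHP's built-in password_hash()/password_verify() (salted, deliberately slow hashing, which is what current PHP provides for passwords in place of bare md5) and the OpenSSL extension; the function names and sample values are constructed for illustration.

```php
<?php
// Added example: function names and sample values are constructed.

// One-way: only the hash is stored; the original is never needed again.
function register_password(string $password): string
{
    // Generates a random salt and embeds algorithm, cost and salt in the result.
    return password_hash($password, PASSWORD_DEFAULT);
}

function check_password(string $supplied, string $storedHash): bool
{
    // Re-hashes $supplied with the stored salt and compares in constant time.
    return password_verify($supplied, $storedHash);
}

// Two-way: the original is recoverable, but only by whoever holds $key.
function encrypt_field(string $plaintext, string $key): string
{
    $nonce = random_bytes(12); // must be unique per message under one key
    $ct = openssl_encrypt($plaintext, 'aes-256-gcm', $key,
                          OPENSSL_RAW_DATA, $nonce, $tag);
    return base64_encode($nonce . $tag . $ct);
}

function decrypt_field(string $blob, string $key): ?string
{
    $raw = base64_decode($blob, true);
    if ($raw === false || strlen($raw) < 28) {
        return null; // too short to hold a 12-byte nonce and 16-byte tag
    }
    $pt = openssl_decrypt(substr($raw, 28), 'aes-256-gcm', $key,
                          OPENSSL_RAW_DATA, substr($raw, 0, 12), substr($raw, 12, 16));
    return $pt === false ? null : $pt; // false means wrong key or tampered data
}

$stored = register_password('correct horse battery'); // goes in the DB column
var_dump(check_password('correct horse battery', $stored));
var_dump(check_password('wrong guess', $stored));

// Same password hashed twice gives different strings because of the salt,
// so identical passwords are not visible as identical rows in a stolen table.
var_dump(register_password('correct horse battery') === $stored);

$key  = random_bytes(32); // kept outside the database
$blob = encrypt_field('sample account note', $key);
var_dump(decrypt_field($blob, $key));
var_dump(decrypt_field($blob, random_bytes(32)));
```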
millerkil
Forum Newbie
Posts: 2
Joined: Mon Dec 21, 2009 7:09 pm

Re: encrypting with PHP

Post by millerkil »

Okay, I get it. I was kinda brain dead for a second or haven't really thought about it. No wonder you have to encrypt the input to compare it with the database. Okay, thank you.