Page 1 of 1

encrypting with PHP

Posted: Mon Dec 21, 2009 7:16 pm
by millerkil
I have a question about encrypting data using PHP. I understand that if you store data in a mySQL DB for example encrypted in MD5 or any other encryption support by PHP, you will be able to return the original data . It is also said it is irreversible encryption, if so how does the server get the original value back and if the encrypted data is salvaged by a cracker, would they not be able to decrypt it using PHP? I understand there is ways of making it more complicated to crack but I just want to know how the encryption/decryption process works.

Re: encrypting with PHP

Posted: Mon Dec 21, 2009 8:15 pm
by s.dot
md5 and other hashing algorithms are one-way, meaning they cannot be (or should not be) predictably reversible. This is called hashing. Encryption is meant to be two-way (by means of decrypting) so that data can be stored securely and retrieved in it's original form.

One way hashing is the preferred method for passwords and such because you do not need to know the original data - you only need to know if the supplied data matches the hashed data. In that case, just hash the supplied data and compare it to the already hashed stored data.

Re: encrypting with PHP

Posted: Tue Dec 22, 2009 10:27 am
by millerkil
okay I get it, I was kinda brain dead for a second or haven't really though about. No wonder you have encrypt the input to compare it with the database. Okay thank you.