Reputation: 20726
I have to store some information (Text) in an MySQL Column (MediumBLOB). It works but I am not sure if this way is secure enough.
Please don't wonder that the encryption key is randomized. It works as designed :)
$encryptionKeyRandom = str_random(12);
$iv = mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB), MCRYPT_RAND);
$encrypted_string = mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $encryptionKeyRandom, $input['item'], MCRYPT_MODE_ECB, $iv);
$input['item'] = bin2hex($encrypted_string);
// Save to DB
Suggestions for better security/encryption are welcome.
Upvotes: 0
Views: 245
Reputation: 7911
mcrypt is outdated and hasn't been touched in quite a few years. I'm not saying that it isn't useable, just that there are faster alternatives available cause quite frankly, mcrypt is slow.
openssl is a better alternative and works much like mcrypt, but the best library is in my opinion sodium. However sodium is not yet available in php 7 and maybe bringing it to 7.1. but should be for other versions.
https://www.virendrachandak.com/techtalk/encryption-using-php-openssl/ helped me migrating from mcrypt to openssl, take a look.
Upvotes: 1