Reputation: 57
I'm a little confused about the best practices for encoding data. I'm dealing with very sensitive data, so I need to do/learn the best method to protect the data:
I'm currently hashing all passwords with a combination of SHA1, MD5 and hashBCRYPT, all of which use salt with large mixed character keys.
All personal data I'm currently encrypting with PHP MCRYPT_RIJNDAEL_256.
Is it worth me also adding AES_ENCRYPT so the data is also encrypted with MySQL? I have read a few things saying PHP is the better method when you need to search and fetch data regularly.
Any help would be greatly appreciated!
Upvotes: 1
Views: 424
Reputation: 25366
You shouldn't be rolling your own hashing for passwords. Use PHP's built-in password_hash() function: http://php.net/manual/en/function.password-hash.php
As for encrypting user information, you probably don't want to be rolling your own library either; there are many existing PHP libraries for encrypting that will save you from making mistakes, such as Defuse, PHPSecLib, PHPCrypt, etc.
Upvotes: 4
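An added example, not part of the answer above: a login check built on `password_hash()` that also upgrades records still stored under an older salted scheme. The `legacy_hash()` function and the row layout (`hash`, `legacy_salt`) are assumptions for illustration, since the question does not give the exact SHA1/MD5 combination or schema.

```php
<?php
declare(strict_types=1);

// Hypothetical stand-in for the question's salted SHA1/MD5 scheme; the real
// combination is not given on the page, so this legacy format is assumed.
function legacy_hash(string $password, string $salt): string
{
    return sha1($salt . md5($salt . $password));
}

// New passwords: password_hash() generates its own salt and embeds the
// algorithm and cost in the returned string, so no separate salt column.
function store_password(string $password): string
{
    return password_hash($password, PASSWORD_DEFAULT);
}

// Returns [bool $ok, ?string $hashToStore]; a non-null second element means
// the caller should overwrite the stored hash and clear legacy_salt.
function check_login(string $password, array $row): array
{
    if ($row['legacy_salt'] !== null) {
        // Old record: constant-time compare, then upgrade on success.
        $ok = hash_equals($row['hash'], legacy_hash($password, $row['legacy_salt']));
        return [$ok, $ok ? store_password($password) : null];
    }
    if (!password_verify($password, $row['hash'])) {
        return [false, null];
    }
    // Rehash when PASSWORD_DEFAULT or its cost has changed since storage.
    $new = password_needs_rehash($row['hash'], PASSWORD_DEFAULT)
        ? store_password($password)
        : null;
    return [true, $new];
}

// Constructed sample rows, not real data.
$legacyRow = ['hash' => legacy_hash('correct horse', 'abc123'), 'legacy_salt' => 'abc123'];
[$ok, $upgraded] = check_login('correct horse', $legacyRow);
var_dump($ok, is_string($upgraded));

$modernRow = ['hash' => $upgraded, 'legacy_salt' => null];
[$okAgain] = check_login('correct horse', $modernRow);
[$okWrong] = check_login('wrong guess', $modernRow);
var_dump($okAgain, $okWrong);
```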