PHP - Looking for a two way obfuscation method for storing phone numbers

Question

I'm looking to store (in mySQL) an obfuscated version of a phone number, where the number is used for authentication (I need to be able to get back the original number).

I've thought about an arbitrary scheme like storing the number * 15 or some constant only my app knows.

What are some better ways of doing this?

EDIT: Some things I'd like to clarify:

1. The phone numbers that are saved can be used to log into an iPhone app - so I want users to be able to see which number they have connected to the service incase they want to log into the app with a different number later. This means I cannot hash the value.

2. Essentially I am looking for a way to protect the data if someone lifts my database that they don't have a bunch of phone numbers in raw form. So I'd like to obfuscate them so I can use them for authentication, but be able to get one back in its original form without storing it raw.

EDIT: To clarify, I am not authenticating on JUST the phone number. If implemented, it would be phone number + a password! Enter a single string of digits that may exist and you're in? lol - my apologies if I have misled some folks.

Answer 1

This isn't a very good approach to security. Several things jump out at me:

1. Phone numbers are very easy to guess: just program something to start guessing random combinations. Encrypted or not, your program is validating using these numbers, so it will eventually work on some. You need an extra layer of security like a password known only to the user in question. I would recommend anti-brute-force attack measures as well.

2. Any two-way encryption can be cracked, it is as simple as that. If you need to be able to decrypt data in the database easily, the only benefit from encrypting it is if someone hacks into your database and grabs the information. As others have pointed out, if that happens, you have bigger issues. The other scenario is for staffers who could have valid access to the DB. If you are hiding the data from them, it is important to encode the information in some way. But multiplying the phone number by a "unknown" constant is not ideal. Use a better method.

3. Surely I know my friend's numbers, so I could hack into anyone's account, correct? You need to add a password component if you haven't already. The password should be 1-way encryption using a strong and unique SALT. Once added, you only need to encrypt phone numbers in the DB if you don't want your staffers to see them. Otherwise you are wasting time encrypting them.

Answer 2

There is no point in this question.

Just leave these phone numbers as is. You will gain no security improvement from such obfuscation

Answer 3

A better way would be not doing that. There is a reason one-way encryption is used to store passwords.

If you need to get back the original value, you should not be using it for authentication, since it will invariably be easy for an attacker to find it.

If you feel you need to hide the value by obfuscating it, you probably need to change something fundamental about how you're storing the data.

Answer 4

Using the Cipher Class you can do this:

$phone = '...';
$key = 'secret.for.each.number';
$phone = Cipher::encrypt($phone, $key);

Before you store it in the database. Then later you can pull it out and do this:

$phone = Cipher::decrypt($phone, $key);

Answer 5

How about actual encryption? In this scenario, a good symmetric encryption algorithm is trivial, since the length of the payload is limited to, what, 10 digits, so you can get by with a key that's also 10 decimal digits long; using such a key, all you need to do is something like XOR or increment / mod 10 on each digit. Of course, the weak link in this scheme then is the way you store the key.

I am curious, however, why you need to get them back out - if it's for authentication:

1. you shouldn't be using phone numbers, as these are easy to look up, even automatically
2. you should be storing secure one-way hashes with individual salts, so you couldn't even get them back out youself if you wanted to (except by brute-forcing)

Answer 6

Store where? In a database? Use an encryption function rather than rolling your own system.

In MySQL it'd be as simple as:

INSERT INTO users (phone) VALUES (AES_ENCRYPT('yourkey', '867-5309'));

of course, now you're changed the problem from hiding the phone numbers to "where the @$@#$@# can I hide this key?". Obvious solution: hide the key under a rock outside your server's front-door. Which changes the problem into "where the @#@#$@#@% can I hide this rock?". Obvious solution: cover your front yard with a steel cage with a padlock on the door. New problem: how to hide the padlock key... and so on.