I want to encrypt and decrypt data strings that are longer than 2500 characters. Is it possible to encrypt and decrypt such long data strings? It's like essays. Please tell me which encryption and decryption technique I should choose for such long data in PHP. Also, what will be the effects of this on the database? Will the database become heavy? What will be the length of the encrypted string that it will return?
I have never encrypted data in PHP other than using md5().
MD5 is NOT encryption, it's a hash function, a one-way method to obfuscate data.
For encryption of data that you can also decrypt, take a look at Simplest two-way encryption using PHP.
md5() isn't usually used for encryption, but for hashing purposes.
There are many extensions in PHP that deal with encryption. You can find them all here:
http://www.php.net/manual/en/refs.crypto.php
The most well known extensions are Mcrypt and OpenSSL.
With OpenSSL, you can use openssl_encrypt() to encrypt your data.
With Mcrypt, you can use mcrypt_encrypt() to encrypt your data.
Check the relevant sections of each extension for more information.
I have been using the openssl function for encrypting data with AES-256-CBC in PHP. I have been able to encrypt it using a unique IV (generated with openssl_random_pseudo_bytes) for each new encryption.
But I am struggling with the idea of authenticated encryption with aes cbc. How do I basically authenticate when I am about to decrypt the data?
Do I need to use something like PBKDF2, blowfish or hash_hmac()?
Do I need to hash the key somehow?
Any help is extremely appreciated.
Simple solution, use RNCryptor which is available for php and many other languages. See this ReadMe for implementation details.
Even if you don't use RNCryptor the methods are correct and secure.
Some details from the site:
AES-256 encryption
CBC mode
Password stretching with PBKDF2
Password salting
Random IV
Encrypt-then-hash HMAC
Versioning
But I am struggling with the idea of authenticated encryption with aes cbc. How do I basically authenticate when I am about to decrypt the data?
After you encrypt the data with a random IV, put both the ciphertext and IV into hash_hmac() with a second key.
If you're asking because you need to deploy into production, wait until version 2 of defuse/php-encryption is released and use that instead. (It's AES-256-CTR not AES-256-CBC, but CTR mode has less attack surface than CBC mode; i.e. no padding oracle attacks if you defeat the HMAC.)
Don't use RNCryptor.
RNCryptor is/was not written in accordance with cryptography coding standards, neither in PHP nor in Python.
RNCryptor literally violates rule 1 of the cryptography coding standards consistently. There may be other issues that have yet to be discovered. If you want portability across languages, use libsodium.
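The HMAC step described in the answer above, written out as an added example (it is not code from any of the posts or from the libraries they name). The function names and the `IV || ciphertext || tag` layout are assumptions made for illustration.

```php
<?php
// Added example: encrypt-then-MAC with AES-256-CBC and HMAC-SHA256.
// Function names and the layout IV || ciphertext || tag are assumptions.
function etm_encrypt(string $plaintext, string $encKey, string $macKey): string
{
    $iv = random_bytes(16); // fresh random IV for every message
    $ct = openssl_encrypt($plaintext, 'aes-256-cbc', $encKey, OPENSSL_RAW_DATA, $iv);
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    // The tag covers both IV and ciphertext and uses the second key.
    return $iv . $ct . hash_hmac('sha256', $iv . $ct, $macKey, true);
}

function etm_decrypt(string $message, string $encKey, string $macKey): string
{
    if (strlen($message) < 16 + 16 + 32) { // IV + one block + tag
        throw new RuntimeException('message too short');
    }
    $iv  = substr($message, 0, 16);
    $ct  = substr($message, 16, -32);
    $tag = substr($message, -32);
    // Check the tag in constant time before any decryption or unpadding.
    if (!hash_equals(hash_hmac('sha256', $iv . $ct, $macKey, true), $tag)) {
        throw new RuntimeException('authentication failed');
    }
    $pt = openssl_decrypt($ct, 'aes-256-cbc', $encKey, OPENSSL_RAW_DATA, $iv);
    if ($pt === false) {
        throw new RuntimeException('decryption failed');
    }
    return $pt;
}

// Constructed sample: two independent 32-byte keys and an essay-sized input.
$encKey = random_bytes(32);
$macKey = random_bytes(32);
$essay  = str_repeat('essay text ', 250);
$msg    = etm_encrypt($essay, $encKey, $macKey);
printf("plaintext %d bytes, stored message %d bytes\n", strlen($essay), strlen($msg));
var_dump(etm_decrypt($msg, $encKey, $macKey) === $essay);

// Flip one ciphertext bit: the tag check rejects it before decryption runs.
$msg[20] = $msg[20] ^ "\x01";
try {
    etm_decrypt($msg, $encKey, $macKey);
} catch (RuntimeException $e) {
    echo $e->getMessage(), PHP_EOL;
}
```

The returned message is raw bytes, so it belongs in a binary column or needs base64 encoding before it goes into a text column.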
I'm a little confused with the best practices of encoding data, I'm dealing with very sensitive data so need to do/learn the best method to protect the data:
I'm currently hashing all Passwords with a combination of SHA1, MD5 and hashBCRYPT all of which use salt with a large mixed character keys.
All personal data I'm currently encrypting with PHP MCRYPT_RIJNDAEL_256
Is it worth me also adding AES_ENCRYPT so the data is also encrypted with MYSQL? I have read a few things saying PHP is the better method when you need to search and fetch data regularly.
Any help would be greatly appreciated!
You shouldn't be rolling your own hashing for passwords. Use PHP's built in password_hash() function: http://php.net/manual/en/function.password-hash.php
As for encrypting user information, you probably don't want to be rolling your own library either, there are many existing PHP libraries for encrypting that will save you from making mistakes, such as Defuse, PHPSecLib, PHPCrypt, etc.
I have gotten a code from php.net. http://php.net/manual/en/book.mcrypt.php
Problem is when you encrypt something, the next time the encrypted one isn't the same as the first one. I need to get the exact same hash using sha512 or sha256. I also need to decrypt it because the function will be used for encrypting customer's name and other data.
Thanks in advance!
I shared my crypt wrapper at https://stackoverflow.com/a/173764/17404. Try using that.
Instead of using mcrypt for hashing, consider using the hash() function instead.
Remember, hashes are one-way methods and cannot be 'decrypted'.
Looking for encryption/decryption I would recommend you look at AES encryption - either through MySQL if you have your data stored in the database, otherwise mcrypt() can also manage AES.
I have some sensitive data in an online PHP application I am building. I want to store the data as a hash in the database, but that means I will have to decode the data every time I call it from the database. I know a hash is built to not be easily reverse engineered, so I would like to know what the best solution would be?
Unlike with passwords, I can't do a hash comparison - so how should I protect the information in the database?
What you're looking for is encryption, not hashing. Encryption is two way which means you can unencrypt to view the contents assuming you have the proper information for doing so (you do, snoopers don't).
See this post for code on how to do this with PHP.
Cryptographic hash functions are one-way functions, meaning that you cannot reverse them. What I presume you are looking for is encryption. You can use the Mcrypt or OpenSSL extensions to do this. My recommendation would be using AES with a 256-bit key (but remember that you need to keep the key secure) to encrypt the data before inserting it into the database and decrypting it upon retrieval. Now, you could use the methods provided by MySQL but I'd use Mcrypt myself. If you can provide the nature and approximate size of the data you are trying to keep secure I could recommend a suitable mode of operation.
Try reading this article on web cryptography: http://www.alistapart.com/articles/web-cryptography-salted-hash-and-other-tasty-dishes/
You can encode variables using the SHA-1 hash as follows:
sha1('password')
=> 5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8
MySQL supports data encryption and decryption. Ex:
INSERT INTO people (pet_name)
VALUES (AES_ENCRYPT('Schmoopie','my-secret-key'));
SELECT AES_DECRYPT(pet_name, 'my-secret-key') AS pet_name
FROM people;
Both of these examples are from the List Apart article.
I'd like to redesign some aspects of my database/website, and am looking for reasonably strong crypto functions in PHP, which are also supported by MySQL.
I also need the encrypt/decrypt to be 100% portable & compatible
Mostly I will be crypting in PHP, selecting the crypted version from MySQL, and then decrypting in PHP.
But occasionally I will need to run a query which decrypts the field in MySQL, for reporting purposes etc
I had a look at the mcrypt PHP library, but it's not clear which of these ciphers are supported by MySQL.
Any recommendations please?
After a bit of Google-fu it appears MySQL uses 128-bit AES with Electronic Codebook (ECB) mode. For the key, you'll need to use a value that's exactly 16 bytes.
Let's say I use _My-16-byte-key_ as my secret key.
SELECT AES_ENCRYPT('The rooster crows at midnight!', '_My-16-byte-key_')
Result is: 7e41520667dc20457db2f18644bad06dd62a2120be8b93cd5596d8ffea45ef0f
Over in PHP, I can use mcrypt_decrypt to reverse it:
$secret = '7e41520667dc20457db2f18644bad06dd62a2120be8b93cd5596d8ffea45ef0f';
$key = '_My-16-byte-key_';
print mcrypt_decrypt(MCRYPT_RIJNDAEL_128, $key, pack('H*', $secret), 'ecb');
Result:
The rooster crows at midnight!
I'll leave the reverse flow as an exercise to the reader. =)
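The reverse flow (encrypt in PHP, decrypt in MySQL) as an added example, not part of the original answer. It uses the OpenSSL extension, assumes MySQL's default `aes-128-ecb` block encryption mode, and goes slightly beyond the answer by reproducing how MySQL folds key strings of other lengths into 16 bytes; the function names are hypothetical.

```php
<?php
// Added example; function names are hypothetical.
// Assumes MySQL's default block_encryption_mode (aes-128-ecb, PKCS#7 padding).

// MySQL XOR-folds the key string into 16 zero bytes: a 16-byte key is used
// unchanged, shorter keys are zero-padded, longer keys wrap around.
function mysql_aes_key(string $key): string
{
    $folded = str_repeat("\0", 16);
    for ($i = 0, $n = strlen($key); $i < $n; $i++) {
        $folded[$i % 16] = $folded[$i % 16] ^ $key[$i];
    }
    return $folded;
}

function mysql_aes_encrypt(string $plaintext, string $key): string
{
    $ct = openssl_encrypt($plaintext, 'aes-128-ecb', mysql_aes_key($key), OPENSSL_RAW_DATA);
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    return $ct;
}

function mysql_aes_decrypt(string $ciphertext, string $key): string
{
    $pt = openssl_decrypt($ciphertext, 'aes-128-ecb', mysql_aes_key($key), OPENSSL_RAW_DATA);
    if ($pt === false) {
        throw new RuntimeException('decryption failed (wrong key or corrupt data)');
    }
    return $pt;
}

$key = '_My-16-byte-key_';

// PHP -> MySQL: the hex printed here can be read back in a report query with
//   SELECT AES_DECRYPT(UNHEX('<hex>'), '_My-16-byte-key_');
echo bin2hex(mysql_aes_encrypt('The rooster crows at midnight!', $key)), PHP_EOL;

// MySQL -> PHP: the hex value quoted in the answer above.
$fromMysql = '7e41520667dc20457db2f18644bad06dd62a2120be8b93cd5596d8ffea45ef0f';
echo mysql_aes_decrypt(hex2bin($fromMysql), $key), PHP_EOL;
```

ECB has no IV and no integrity check, so equal plaintext blocks produce equal ciphertext blocks and modified ciphertext is not detected.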
Here: http://dev.mysql.com/doc/refman/5.5/en/encryption-functions.html
Is a list of all the encryption functions in MySQL.
I recommend to use AES.
All the other encryption options are no longer secure.
AES supports a 128 bit key length (and a 256 bit key length with a recompile of the MYSQL source).
Don't forget to salt everything you encrypt with AES to prevent rainbow table attacks.
If you use the same key to encrypt and decrypt everything, all the attacker needs to do is get that key. With the hash function (and salt) you don't have to worry about losing the key; with this option you run a huge risk of losing the key and all your passwords with it.
Use a hash function instead: SHA256 with a salt.
I also recommend AES, it is designed to be fast and since it is industry standard it is strong enough. However, what is the reason to encrypt data inside the database? If your encryption key will be stored in PHP scripts, it will not be more secure than using cleartext records. It has benefits only if many scripts access the same database.