How will I able to crypt data (usernames, passwords, etc) ... Would
MD5 be sutiable for this?
Certainly for passwords, but perhaps the documentation is not clear
enough. MD5() is not an encryption function, it's a hash function.
There is no way to recover the plaintext. This is perfectly adequate
for storing passwords where you can call MD5() on the user-entered
password and see if it matches the stored hash value. (Don't forget
to include some kind of "salting" data so that if two users choose the
same password you don't get identical hashforms in your database.
Also, I was wondering if there was a way to make SSL do these kind
of objectives
SSL handles a completely different aspect of security: protecting the
data in transit betwee the user's browser and the web server from
casual (and, in the case of 128-bit SSL, less-than-casual) snooping.
For complete security you may need both: the SSL will keep a snooper
from discovering the value of the user's password in transit, and hashing
it before storing it in the user database will keep others from learning the
plaintext value of the password if they somehow manage to gain access
to the database.
For actual encryption (where you can recover the plaintext values)
you need to obtain the mcrypt library as explained in the PHP manual.
Somewhere here on phpbuilder.com there's a message explaining
exactly which version to get (only 1 works with PHP.)
BTW, please don't confuse me with a security expert. If someone else
here has a better way to describe all this, by all means chime in!
