Hide the key

Deflector

I have no idea where to put the unlock-key for MCRYPT. Since I am going to create a database where I am going to have a user-table, I want to store their password encrypted in the database (when they register on my website).

$key = rand(10,99);
$iv = mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_TripleD
ES,MCRYPT_MODE_CBC),MCRYPT_RAND);
$crypted_password = mcrypt_encrypt(MCRYPT_TripleDES,$key,$pwd,MCRYPT_M
ODE_CBC,$iv);

The crypted password is then added to the database. BUT, can someone give me a hint where to put the $key. Is it safe to add it at the end of the crypted password, or should I store it outside of the database?

SpanKie

You can write it to a file outside the web root using php's file functions. You can even setup permissions on the server for that file or directory for added security.