Encrypting/Decrypting Sensitive Data

PHPGuru2

Is md5() function secure enough for encrypting sensitive information such as password or credit card number??

I have a custom encypt/decrypt function other than the built-in md5() function, but if someone can get the function code then there is not much difference in using md5 or my functions since the person can decrypt the sensitive data....

What do you think? Any comments or suggestions regarding encrypting/decrypting sensitive data??

bad76

Hi,
i use md5() to encrypt password before put in the db.
It's a good function.

But i don't think that exists a decrypter...
(Look this ... 🙂 )

see you

PHPGuru2

Yeah, you are right, there is no decrypting, so it cannot be used for encypting credit card number and so on...

seby

as mentioned an md5 hash string cannot be decrypt, i remember back in school i was told it would take something like a million years and a million super computers trying to 'guess'.

so i would say its really secure to use, especially for database applications. its good to match passwords, etc.. but if you use it for credit card number you'll never know the number after its encrypt 😉

bad76

Originally posted by PHPGuru2
Yeah, you are right, there is no decrypting, so it cannot be used for encypting credit card number and so on...

Is not so true:
if you have only to compare the values, you can use it. You can't only show it to the user.

Example:
I can memorize password with md5() in db.
- INSERT ... pwd=md5("$passwd") ...

At login i FIRST apply md5() to given password, THEN compare it with password in db
- if(md5("$userpaswd")==$row["pwd"])...

But i cannot show this
- echo "Your old password:".$row["pwd"];

[edit]
... and surely you cannot get back the credit number ...
[/edit]

laserlight

md5, or message digest 5, calculates hashes of strings (or data) of arbitrary length.
This helps you to check that the data has not been changed.

If you wish to have crypto support, you should consider using the [man]mcrypt[/man] library with PHP.

superwormy

Yes, as LaserLight pointed out, md5() IS NOT ENCRYPTION. It's one-way hashing, and cannot be decrypted. It is not meant to be secure, and shouldnt' be used for anything related to security. It is meant to calculate unique hashes to verify whether or not a file or string has been changed. Thats why whenever you download something off the 'net for *nix, usually they include an md5 hash with it. If the hash they provide doesn't match the md5 hash you make of the file after you download the file... you know the file is corrupt.

This is an interesting thread on the correct / incorrect / security implications of using md5...
http://phpbuilder.net/board/showthread.php?threadid=10242570&highlight=md5

PHPGuru2

Good replies!

Okay I have another question.
Let's say I wrote an encrypt/decrypt function using mcrypt library. Someone gets that source code somehow, so now he/she knows how my sensitive information is encrypted/decrypted and he can get the data easily.

So how secure is it have to be in the sense of security??
I mean everyone come across this issue right?

biz

Originally posted by superwormy
... It is not meant to be secure, and shouldnt' be used for anything related to security.

Hold a second there..one way hashes in escence are a secure way to store passwords and other sensitive data that don't need decryption. In NO way can MD5 hashes be considered insecure, its how they are used that can possibly make it not the right choice...take a look at any recent linux/unix distro and see what the default method of password encryption is...you guessed it, MD5.

MD5 IS secure when used properly.

tekky

and when used wth CC #'s it would be the same concept as PASSWORDS.... user enters their #' you comere md5(their#) to whats in the database....

just be sure that if you use mysql's MD5() to store a password you ALWAYS use mysql's MD5() as apparently PHP's md5() and mysqls md5() arent quite identical......

superwormy

I didn't say it was not secure... I said it was not MEANT to be secure. And it wasn't. It's a message digest algorithm, and its meant to generate unique hashes for data.

It MIGHT be secure when properly used. I won't even go there.

fandelem

Originally posted by PHPGuru2
Good replies!

Okay I have another question.
Let's say I wrote an encrypt/decrypt function using mcrypt library. Someone gets that source code somehow, so now he/she knows how my sensitive information is encrypted/decrypted and he can get the data easily.

So how secure is it have to be in the sense of security??
I mean everyone come across this issue right?

Source code will essentially tell the 'attacker' what was used to encrypt. But here's the thing: the most respectible encryption algorithms rely on the 'source' of how exactly it is encrypted to be publically available. The real test is -how- long it will take to break that particular encryption scheme.. and you can be willing to bet the most publically tested encryption scheme that takes a longgggg time to crack is the one that most likely has publically available source (aside from super duper top secret nsa stuff, etc). The gamble you take with proprietary encryption algorithms (ie. encryption algorithms that not just anyone can see how the data is encrypted) is that there could be a HUGE flaw in the algorithm that the 'general public' may be able to point out (a good example is the CSS DVD encryption algorithm ;o)

Weedpacket

Originally posted by fandelem
Source code will essentially tell the 'attacker' what was used to encrypt. But here's the thing: the most respectible encryption algorithms rely on the 'source' of how exactly it is encrypted to be publically available. The real test is -how- long it will take to break that particular encryption scheme.. and you can be willing to bet the most publically tested encryption scheme that takes a longgggg time to crack is the one that most likely has publically available source (aside from super duper top secret nsa stuff, etc). The gamble you take with proprietary encryption algorithms (ie. encryption algorithms that not just anyone can see how the data is encrypted) is that there could be a HUGE flaw in the algorithm that the 'general public' may be able to point out (a good example is the CSS DVD encryption algorithm ;o)

k.

Couldn't have said it better myself.

On the other hand, if someone got a hold of your decrypt key as well, then to all intents and purposes - as far as the algorithm is concerned - they will be you.

There's quite a bit more to security than a good encryption algorithm; there's no point using a state of the art algorithm if there are gaping holes in how it is applied.

This company offers a lot of useful and readable information on the subject of network security (and information security in general), as does its founder.