Encryption?

Ascendancy

What is good software to use for Ecrypting the data you keep in your MySQL?

mnceo

i saw this in a different post.. dont know if this will help you..

have you used the encrypt_data(); function.. if this helps.. 🙂 , if this dont.. i must be thinking of something else :quiet: .

if my responce helps.. goto this site for more info http://us3.php.net/mcrypt

MarkR

I don't encrypt data in my MySQL database. You should probably not need to do this at the application level.

I don't know what you're trying to achieve, but you should probably consider one or more of:

Using HTTPS to encrypt data to / from your web server
Using SSL to encrypt traffic between the web application server and database server (see MySQL manual for details - OBVIOUSLY this is only significant if they're on different machines and have an untrusted network in between)
Using your operating system to create an encrypted volume or directory for MySQL to store its data on (but beware: You will need to ensure that this volume is accessible following a reboot, if you want it to reboot unattended, this pretty much means you have to store the key unencrypted somewhere)

Encrypting the data at the application level will stop MySQL being useful to your application because:

Collation of text data will no longer work as encrypted data won't collate properly.
Likewise, searching encrypted data may be more expensive because indexes may not operate properly.
It will complicate your application sigificantly, increasing the amount of bugs and likelihood of data loss.

Mark

SpecialFX

If it is just a password or such then use md5() or sha1().

mjax

SpecialFX wrote:
If it is just a password or such then use md5() or sha1().

Please remember that those are hashing functions, not encryption. Encryption implies decryption, but it's not possible to decrypt values that have been treated with md5() or sha1().

Although it is common pratice to use it in such a way with passwords, you should be aware of what you are doing.

Weedpacket

The only time there would be any point to encrypting data is if the encryption is one-way (a hash, to be precise) or asymmetric, where the decrypt key is not stored within the application/system. If the encrypted data is supposed to be decrypted by the same application or by another application with the same key, then there is no point in doing the encryption.

If an attacker can get the encrypted data, then they're in a position to get the encryption key. If the encryption key can be used to decrypt the data, then they've effectively got the decrypted data. It would be like locking your front door and leaving a note taped to it saying that the key is under the mat.

SpecialFX

Well put, that's why I suggested the hashing functions I did.