Encrypt info for mySQL

gnome5482

what is the best encryption to use on mysql databases when working with php logins? I've heard several people say md5 is the best while others say sha is the best. I want to have really good security on my site, and wanted to know which is really better.

bpat1434

That depends upon what you are encrypting. Typically CRC or RSA encryption is considered "the best" encryption as it can use up to 256 bits. However, for basic passwords and stuff, either sha or md5 will work. You can make it more secure with your own salt and encryption methods, but you have to code it.

The programmer makes the encryption strong. So if you don't salt it, and you leave security holes in your SQL queries your encryption is essentially useless. Security comes down to your coding. Code securely (escape strings, check inputs) and you enhance the md5 or sha or mcrypt functions by salting before you encrypt it will help too.

Hope that helps....

laserlight

hmm... basically, you want to store the passwords in the database such that even if the database is compromised, your users' actual passwords will remain unknown to the attacker?

If so, SHA-1 is probably the most convenient to use with PHP, unless you have the [man]hash[/man] extension installed (e.g., PHP 5.1.2 and later). MD5 is a little (more) outdated, and although for this use both MD5 and SHA-1 have not been broken, MD5 is more broken than SHA-1 for collision attacks. Either way, you should follow bpat1434's advice and prepend/append a salt.

CRC is not a good choice, since it is designed for error detection rather than as a cryptographic hash. You only want to use a hash rather than encryption, so there is little point in using RSA (you will probably need to have mcrypt installed, in that case, or use some other library).