-3

I'm working on insecure cryptographic storage. As I know to prevent this I have to encrypt my data. All documents say that MD5 is weak,so can you suggest me some strong encryption in PHP,or I have to create my own encryption logic/scheme ?

Thks for all helps :)

mjv
  • 73,152
  • 14
  • 113
  • 156
Duc Anh
  • 581
  • 1
  • 9
  • 23
  • 1
    encrypt or hash ? do not mix up . hash is 1-way . cannot get back the information . MD5 is a hash function . – Raptor Apr 03 '13 at 02:59
  • see this answer: http://stackoverflow.com/a/10945097/188331 – Raptor Apr 03 '13 at 03:00
  • Oh dear god the english. Anyways as said above you want to hash things like passwords, not encrypt them. MD5 is a hash but people have found ways to break it using rainbowtables and such. If you really want to have a good one you should use something like Blowfish with a really long salt. – Lemon Drop Apr 03 '13 at 03:00
  • chaining multiple MD5 & SHA1 is a quick solution. – Raptor Apr 03 '13 at 03:01
  • 3
    @ShivanRaptor: No; it isn't. – SLaks Apr 03 '13 at 03:03
  • 1
    The OP doesn't even mention what data he wants to encrypt. – Class Apr 03 '13 at 03:07

1 Answers1

1

Using Salt Hashing + Sha

// define your encryption key

$encyption_key = 'IMHPU7GG3HI5FCMYCT354P7V8FEUPRFL'; //sample


// Appending salt to the password
$_POST['pword'] .= $encryption_key;

// then Return the SHA-1 encryption
$password = sha1($_POST['pword']);
Jhonathan H.
  • 2,734
  • 1
  • 19
  • 28
  • @lemondrop this will be just a sample in case it would be a registration for users :) – Jhonathan H. Apr 03 '13 at 03:08
  • @Dagon oh my golly goose.. sorry for that.. lmao – Jhonathan H. Apr 03 '13 at 03:09
  • 1
    How is this encryption? – Tchoupi Apr 03 '13 at 03:10
  • @MathieuImbert just get it from my bunch of snippets created in codeigniter for password hashing is this wrong? I used it before.. – Jhonathan H. Apr 03 '13 at 03:10
  • 1
    In this example, `$encyption_key` is a salt, not an encryption key, and the code implements hashing, not encryption. – G-Nugget Apr 03 '13 at 03:12
  • @Kaii My point exactly. It is hashing, not encryption. The OP didn't mention anything about password hashing, except for a vague not about MD5. – Tchoupi Apr 03 '13 at 03:13
  • 2
    @Kaii Imo its better to use random salts for each individual hash then use blowfish's weird system to validate them – Lemon Drop Apr 03 '13 at 03:13
  • thumbs up your all right.sorry for that.! just suggesting this would be a good idea – Jhonathan H. Apr 03 '13 at 03:15
  • 1
    And anyway, if the OP *was* talking about password hashing, sha1 is just a little less weak than md5. BCrypt is a better fit: http://stackoverflow.com/questions/4795385/how-do-you-use-bcrypt-for-hashing-passwords-in-php – Tchoupi Apr 03 '13 at 03:15