0

Hey I really need some guidance.

ATM. i am using this encryption/decryption method for regular strings.

function encrypt($pure_string) {
    $iv_size = mcrypt_get_iv_size(MCRYPT_BLOWFISH, MCRYPT_MODE_ECB);
    $iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
    $encrypted_string = mcrypt_encrypt(MCRYPT_BLOWFISH, "!@#$%#^&*", utf8_encode($pure_string), MCRYPT_MODE_ECB, $iv);
    return $encrypted_string;
}
function decrypt($encrypted_string) {
    $iv_size = mcrypt_get_iv_size(MCRYPT_BLOWFISH, MCRYPT_MODE_ECB);
    $iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
    $decrypted_string = mcrypt_decrypt(MCRYPT_BLOWFISH, "!@#$%#^&*", $encrypted_string, MCRYPT_MODE_ECB, $iv);
    return $decrypted_string;
}

But after some research that might not be the most secure way? The data is being stored in a MYSQL DB.

And i do not have access to install custom php plugins to the webserver. So is there any other secure way to do this?

And how should I generate / store my encryption key?

This is not used for password and etc.

jonaslagoni
  • 663
  • 7
  • 23
  • The question is unclear because you do not explain **why** you need to store data in an encrypted way and why you believe that the above method is not safe enough. – Shadow Sep 07 '16 at 09:14
  • ECB doesn't really use an initialization vector (the algorithm isn't perturbed per-block). Use CBC at minimum. Otherwise, this is basically just a preshared key--lightly secure at best and OK for scrambling stuff that gets stored on disk that's not too sensitive. Nothing is ever really secure, but using bcrypt to derive a key and using something like AES-256-CBC is somewhat better. – BJ Black Sep 07 '16 at 09:14
  • Instead of encrypting and decrypting passwords, you should just hash the password and store the hashed password in the database and when a user inputs a password, hash the password the same way and check the user's hashed password with the database's hashed password. – Audite Marlow Sep 07 '16 at 09:17
  • @AuditeMarlow the OP explicitly wrote in the question that this is not used for passwords. – Shadow Sep 07 '16 at 09:24
  • @Shadow I want to store the data encrypted because i do not believe that i can ensure 100% that hackers will not get their hands on the DB. Therefor i just encrypt every information. I also found questions regarding this mode and which where said to be unsecure [link](http://stackoverflow.com/questions/16600708/how-do-you-encrypt-and-decrypt-a-php-string) – jonaslagoni Sep 07 '16 at 09:26
  • 3
    IMO you better try to secure your server and application as much as possible. – simon Sep 07 '16 at 09:35
  • @simon I agree. But i do not handle the webserver configs. So assuming they fail the job of doing so I want my DB to be as unreadable as posible. – jonaslagoni Sep 07 '16 at 09:37
  • Field-by-field encryption is not an answer, it makes searches pretty much impossible. Hackers may get access to the server side code as well and get their hands on the decryption key as well. – Shadow Sep 07 '16 at 09:38
  • So assuming they get access to the server side code, how would i even protect my encryption key? on a hole other server or? – jonaslagoni Sep 07 '16 at 09:43
  • This is an extremely broad question. There are number of ways to protect your data. However, it is difficult to achieve high level of security just with free tools if you do not have access to server configuration. If you are on a shared hosting provider, then you are over worrying data protection because the entire provider could be hacked through another site. If data protection is such a concern for you, then first move to a dedicated hosting plan where you can configure your server. – Shadow Sep 07 '16 at 11:19
  • That makes sense and will be done in the future. But until then i just need an alternative. Please check the answer i posted if that will be a possible solution? – jonaslagoni Sep 07 '16 at 12:09
  • This is the wrong site for this question really... http://security.stackexchange.com/ would be better. – Tschallacka Sep 07 '16 at 12:09
  • 1
    @Tschallacka you might be right about that yea :) – jonaslagoni Sep 07 '16 at 13:05
  • I have created a post at stackexchange follow it here - http://security.stackexchange.com/questions/136140/php-mcrypt-discussion-cbc-and-ecb – jonaslagoni Sep 07 '16 at 15:02

1 Answers1

2

But after some research that might not be the most secure way?

You somehow managed to hit the holy trinity of insecure code:

  1. The library: using an abandoned library (mcrypt) which has many bugs. OpenSSL can be used, but it's still a challenge of using it securely. defuse/php-encryption is a much better alternative.

  2. The block cipher: Using Blowfish where even its creator said that it is insecure. AES (=Rijndael-128) is a better alternative, but that's not something you should worry about when using a good library (see 1).

  3. The block cipher mode of operation: Using ECB mode is insecure almost in every case (scroll down to the penguin). Generally, a randomized mode like CBC is needed, but that's not something you should worry about when using a good library (see 1).

That's something that applies to secure transmission of data (and then some). If you need to find stuff in your database based on encrypted columns, then you need to think about adding a hash column or really using ECB mode.

And how should I generate / store my encryption key?

Keys are usually simple byte arrays. Some ciphers - like DES - have weak keys which you need to check for and generate another one. A good library usually gives you an API for generating a key.

Storing keys is an issue of much debate. Think about the usefulness of encrypting some data where the key is stored close to the encrypted data. After all, you usually need access and decrypt that data frequently. There is no good solution for this. If you store the encryption key on another machine than the data, the chance is higher that you get something else wrong and leave your network vulnerable.

Artjom B.
  • 61,146
  • 24
  • 125
  • 222