Good morning. For passwords I always use a sha1 hash or something else that cannot be reversed, always mixed with a key of its own, such as a date, text or something that varies from client to client.
To encrypt user information, I advise you to generate a key for each user; an md5 of a NOW() timestamp works. That way you have a key that nobody has access to, and one way or another you use it along with the client's key and encrypt the client's data by passing it through a crypt or a base64 using this key.
If someone gets the db, they will have a hard time figuring out your key to see the content of the generated hashes.
The guy would have to break into your system and see the hard-coded key that was generated.
---- I'll give an example using php ----
To generate the key for each user:
$key=md5($nomedousuario.$email.date('Ymd'));
What was done there is to generate a unique key for this user.
Next step: you have to have a key of your own, or more than one key like I do, but in this case I will illustrate with only 1 so you can understand the process.
$minhakey="87ye7jn789heyn986db87b";
I generated a random key, which you can treat as you want.
In my case I do the following:
$key_completa = str_replace("7"," ",$key.$minhakey);
What was done is to remove the number 7 (just for the sake of it) and generate a unique key that no one knows exists. This is the secret of the thing: you have to have a key that you know how it was generated to encrypt all the information, so that there is a way to read it.
To encrypt the content you do the following. Let's assume that I have the client's email and want to protect it; it will look like this. Note: use these functions I'm giving you to make the process easier.
function encrypt($data, $key){
    return base64_encode(
        mcrypt_encrypt(
            MCRYPT_RIJNDAEL_128,
            $key,
            $data,
            MCRYPT_MODE_CBC,
            "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0" // IV: 16 zero bytes
        )
    );
}
function decrypt($data, $key){
    $decode = base64_decode($data);
    return mcrypt_decrypt(
        MCRYPT_RIJNDAEL_128,
        $key,
        $decode,
        MCRYPT_MODE_CBC,
        "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0" // IV: 16 zero bytes
    );
}
To encode:
$email_protegido=encrypt("[email protected]",$key_completa);
To decode:
$email_legivel=decrypt($email_protegido,$key_completa);
To increase security you can hide the code that generates the key by doing this.
You will transform the entire function into base64:
echo base64_encode('$key_completa = str_replace("7"," ",$key.$minhakey);');
It will return this:
JGtleV9jb21wbGV0YSA9IHN0cl9yZXBsYWNlKCI3IiwiICIsJGtleS4kbWluaGFrZXkpOw==
So just do this to run it:
eval(base64_decode('JGtleV9jb21wbGV0YSA9IHN0cl9yZXBsYWNlKCI3IiwiICIsJGtleS4kbWluaGFrZXkpOw=='));
So the guy who has the code will have a hard time figuring out what it is.
Of course, you can use Zend to encrypt your entire php, increasing security.
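
The same flow as the answer above (a per-user key combined with an application key, field encryption, and password storage) written against current PHP APIs, since the mcrypt extension was removed in PHP 7.2. This is an added example, not part of the original answer: it swaps in HKDF, AES-256-GCM through OpenSSL and password_hash(), and its function names and sample values are hypothetical.

```php
<?php
// Added example; function names and sample values are hypothetical.
// Combine the per-user key with the application key (the role of
// $key_completa in the post) into one 32-byte AES-256 key using HKDF.
function field_key(string $userKey, string $appKey): string {
    return hash_hkdf('sha256', $appKey, 32, 'user-field-encryption', $userKey);
}

function encrypt_field(string $data, string $key): string {
    $iv = random_bytes(12); // fresh nonce for every message
    $ct = openssl_encrypt($data, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $iv, $tag);
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    return base64_encode($iv . $tag . $ct); // 12-byte IV | 16-byte tag | ciphertext
}

function decrypt_field(string $blob, string $key): string {
    $raw = base64_decode($blob, true);
    if ($raw === false || strlen($raw) < 28) {
        throw new RuntimeException('malformed ciphertext');
    }
    $pt = openssl_decrypt(substr($raw, 28), 'aes-256-gcm', $key,
        OPENSSL_RAW_DATA, substr($raw, 0, 12), substr($raw, 12, 16));
    if ($pt === false) { // wrong key or modified data
        throw new RuntimeException('authentication failed');
    }
    return $pt;
}

// Constructed sample values.
$appKey  = random_bytes(32); // in practice loaded from config kept outside the database
$userKey = random_bytes(32); // generated once per user, stored with the user row
$key     = field_key($userKey, $appKey);

$protected = encrypt_field('user@example.com', $key);
var_dump(decrypt_field($protected, $key) === 'user@example.com');

// A modified stored value is rejected instead of decrypting to garbage.
$raw = base64_decode($protected);
$raw[30] = chr(ord($raw[30]) ^ 1);
try {
    decrypt_field(base64_encode($raw), $key);
} catch (RuntimeException $e) {
    echo $e->getMessage(), "\n";
}

// Passwords: one-way, salted hash with a cost factor.
var_dump(password_verify('s3cret', password_hash('s3cret', PASSWORD_DEFAULT)));
```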