encrypt data in database

Hi,

I'm looking to store some sensitive data in an existing (MySQL) database. Imagine for a moment that the user is already on a page that is only available when logged in as I've already got all that sorted (using a CMS). The page is not HTTPS at the moment and the data is stored in plain text in the database. I understand both of these to be very bad. How do I go about:
a) forcing https; and
b) encrypting data for the database and subsequently decrypting it to be read by the user.
 
You can force https using purely PHP or via .htaccess - on a Linux based host.

Loads of ways to encrypt data, e.g. for passwords you could use a salt. E.g.

PHP:
$saltKey = '223ghg2343274';
$plainText = 'some text';

// prepend the salt to the text and hash the result
$dataToStore = md5($saltKey . $plainText);

PHP has a range of built in methods to encrypt data too.
 
Firstly, don't use MD5; use something like SHA-256. It should not be used in new systems as it's broken.

If you just want to store passwords encrypted, then use the salting algorithm that suarve suggested with SHA-256.

If however you actually want to encrypt raw data, MySQL has a range of encryption functions you should look into, see here: http://dev.mysql.com/doc/refman/5.1/en/encryption-functions.html

Key management will be an issue for you I'm afraid. I would recommend using the AES encrypt/decryption functions, but you will need to store the key somewhere (assuming your users don't know it?), which may or may not be an issue depending on how sensitive your data is...

It might be easier to just treat the database as trusted, i.e. don't bother to encrypt the data in the tables. Then just use TLS/HTTPS to transfer the data safely to the end user. Forcing https: http://www.besthostratings.com/articles/force-ssl-htaccess.html
 
Can anyone confirm if this is secure:

Data is encrypted in the database using mcrypt with Blowfish. The IV is stored in the XHTML file in the PHP encryption/decryption lines. The key is the hash of the user's password, which is stored in the same database. The page where this is viewable is only available to logged in users and shows the details for that logged in user only. The page is delivered over SSL.

Secure? I'm hoping there's nothing really stupid in that logic...
 
What you've outlined will be as secure as the hash function you've used and for general purpose use it should be perfectly fine. (hope it wasn't MD5 ;))

If you want to do it properly, you also shouldn't just store Hash(password||salt) because a password is ultimately a low source of entropy. The correct way is to use a password based encryption key derivation function, which essentially adds much more randomness into the resulting encryption key that you get out of the hash function.

RSA Labs have a standard for doing this called PBKDF2, and there is a very good article discussing a PHP implementation here: http://www.itnewb.com/v/Encrypting-Passwords-with-PHP-for-Storage-Using-the-RSA-PBKDF2-Standard This is widely regarded as the safest way to make an encryption key from a password.

Also keep in mind that if your database/host is ever compromised then the encryption is useless as the keys are easily obtainable.
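One way to put the last two replies together in PHP (an added example, not code from this thread or any poster): the data key is derived with PBKDF2-HMAC-SHA256 from the password the user has just typed at login, using a salt that is separate from the login-hash salt, and each record is encrypted with AES-256-GCM under a fresh random IV instead of a single IV written into the page source. The password itself is never stored, so a copy of the database alone does not contain the key. The constant names, function names and sample values are mine; it assumes PHP 7.1 or later with the OpenSSL extension.

```php
<?php
// Added example (not from the thread). Assumes PHP >= 7.1 with OpenSSL.
// $password is the plaintext password typed at login; it is never stored.
// The stored column holds only: salt | iv | gcm tag | ciphertext (base64).

const KDF_ITERATIONS = 200000; // tune so one derivation takes ~100 ms
const KDF_SALT_BYTES = 16;
const GCM_IV_BYTES   = 12;
const GCM_TAG_BYTES  = 16;

// Derive a 256-bit AES key from the password with PBKDF2-HMAC-SHA256.
// This salt is independent of the login-hash salt, so the login hash and
// the data key cannot be computed from each other.
function deriveKey(string $password, string $salt): string {
    return hash_pbkdf2('sha256', $password, $salt, KDF_ITERATIONS, 32, true);
}

// Encrypt one record; returns the base64 blob to store in the database.
function encryptRecord(string $password, string $plaintext): string {
    $salt = random_bytes(KDF_SALT_BYTES);
    $iv   = random_bytes(GCM_IV_BYTES); // fresh per record, never reused
    $key  = deriveKey($password, $salt);
    $tag  = '';
    $ct   = openssl_encrypt($plaintext, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $iv, $tag);
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    return base64_encode($salt . $iv . $tag . $ct);
}

// Decrypt one record; returns null on a wrong password or a tampered row,
// because the GCM tag check fails in both cases.
function decryptRecord(string $password, string $stored): ?string {
    $blob = base64_decode($stored, true);
    $hdr  = KDF_SALT_BYTES + GCM_IV_BYTES + GCM_TAG_BYTES;
    if ($blob === false || strlen($blob) < $hdr) {
        return null;
    }
    $salt = substr($blob, 0, KDF_SALT_BYTES);
    $iv   = substr($blob, KDF_SALT_BYTES, GCM_IV_BYTES);
    $tag  = substr($blob, KDF_SALT_BYTES + GCM_IV_BYTES, GCM_TAG_BYTES);
    $ct   = substr($blob, $hdr);
    $key  = deriveKey($password, $salt);
    $pt   = openssl_decrypt($ct, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $iv, $tag);
    return $pt === false ? null : $pt;
}

// Constructed demo values: a round trip, then a wrong password.
$stored = encryptRecord('correct horse battery staple', 'account number 12345678');
echo decryptRecord('correct horse battery staple', $stored) === 'account number 12345678' ? "round trip ok\n" : "round trip FAILED\n";
echo decryptRecord('wrong password', $stored) === null ? "wrong password rejected\n" : "wrong password ACCEPTED\n";
```

A password change means re-encrypting every record under the new key, which is the cost of not keeping the key anywhere the database owner can read it.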
 