If I am not wrong, when you want to encrypt the content in the database you will use md5. I use that right now for passwords. But now I want to add encryption to all personal information, etc. for enterprise clients. Below are my questions:
- If I md5 everything, will php display everything the normal way, like without the md5?
- When I allow editing of the content, I will have to display the info without the md5 and then add md5 upon submission, correct?
- If someone gets access to the database, they will only see md5. But if they download it and then remove md5, wouldn't they see all the info?

As you can tell, I am an amateur under pressure. Please correct me if I am wrong with my thinking of md5. If so, how can I encrypt the databases, keeping in mind that info will be edited by users anytime?
Thanks.
MD5 is a hashing algorithm, not an encryption algorithm. Hashing is one-way; that is, you cannot take hashed data and turn it back into the original data. MD5 is used to hash passwords (well, hashing algorithms are used to hash passwords… MD5 is generally regarded as insecure and not suitable for applications involving security… like passwords) because all you care about is whether or not the passwords match, not what the password actually is. This allows you to store a token in your database (the hash) that you can use to compare without actually storing the password.
If you’re going to do application-level encryption of database data (rather than relying on any RDBMS-specific encryption features), you will always have to encrypt the data (in code) before you put it into the database and decrypt the data (in code) whenever you take it out of the database. For systems like this, a symmetric key encryption algorithm like AES is generally used.
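The split described in the answer above, as an added PHP example that is not part of the original thread: personal fields are encrypted with AES before being stored and decrypted after being read, while passwords are only hashed and compared. The function names `encrypt_field` and `decrypt_field`, the choice of AES-256-GCM, the storage layout, and the demo key are assumptions made for illustration; `password_hash` is PHP's built-in password hashing function, used here in place of MD5.

```php
<?php
// Added example. Assumption: the key lives outside the database (environment
// variable or secrets manager); anyone holding both the DB dump and the key can decrypt.
const CIPHER = 'aes-256-gcm';

// Encrypt one field before INSERT/UPDATE. Returns base64(nonce || tag || ciphertext).
function encrypt_field(string $plaintext, string $key): string
{
    $nonce = random_bytes(12);   // fresh 96-bit nonce for every value
    $tag = '';
    $ct = openssl_encrypt($plaintext, CIPHER, $key, OPENSSL_RAW_DATA, $nonce, $tag);
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    return base64_encode($nonce . $tag . $ct);
}

// Decrypt a stored value after SELECT. Throws on a wrong key or altered data.
function decrypt_field(string $stored, string $key): string
{
    $raw = base64_decode($stored, true);
    if ($raw === false || strlen($raw) < 28) {   // 12-byte nonce + 16-byte tag
        throw new RuntimeException('malformed ciphertext');
    }
    $nonce = substr($raw, 0, 12);
    $tag   = substr($raw, 12, 16);
    $ct    = substr($raw, 28);
    $pt = openssl_decrypt($ct, CIPHER, $key, OPENSSL_RAW_DATA, $nonce, $tag);
    if ($pt === false) {
        throw new RuntimeException('decryption failed (tampered data or wrong key)');
    }
    return $pt;
}

// Constructed demo key; a real key is generated once and kept outside the DB.
$key = random_bytes(32);

// Personal data: reversible, so it can be displayed and edited.
$stored = encrypt_field('Jane Doe, 12 Example Street', $key);   // constructed sample value
echo $stored, PHP_EOL;                        // what the database column holds
echo decrypt_field($stored, $key), PHP_EOL;   // what the edit form shows

// Passwords: one-way hash, only ever compared, never decrypted.
$hash = password_hash('correct horse battery staple', PASSWORD_DEFAULT);
var_dump(password_verify('correct horse battery staple', $hash));
var_dump(password_verify('wrong guess', $hash));
```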