First off, md5('password') is not encryption. You cannot recover the original password after you hash the data. NB for technical readers: a brute force attack will not recover the password either, since there are a finite number of hashes and an infinite number of different strings.

Now, base64_encode('password') is also not encryption, except possibly in the very loosest sense of the word. Anyone can look at the Base64 text and recover the original password.

Encryption as it is generally known consists of a plaintext and a private key of some sort. An example of an encryption algorithm would be AES-256 (“Rijndael” is the name of the algorithm which won the AES contest and thus the title). AES-256 uses a 256-bit key and is generally considered very secure when properly implemented.

Cryptography is not a topic which should be approached lightly. It is extremely difficult to get right and the consequences when you do not are, although this seems contradictory, both subtle and severe.

You should very carefully evaluate whether you need to be able to recover the password. In 99.9999999% of all cases, the answer is “no”. In fact, I cannot think of a case where the plain-text of the password would matter to you.

After you are done evaluating whether you need to be able to recover the password, decide that you do not need to be able to recover the password.

After that step, if you still believe you need to be able to recover the password, look at already-written crypto libraries for PHP. OpenSSL is a well-tested generally-accepted crypto framework which implements pretty much every popular encryption standard, but it may be a little on the difficult-to-use side. mcrypt is very commonly installed and generally easier to use.