3 replies to this topic

[RobSoftware]

Using MySQL and PHP I need to encrypt some data. This will be things like Credit Cards, Address and other confidential information. I've looked at MD5, is this the best method for security in PHP/MySQL?

What are my other options?

[John]

MD5 is probably the most widely used encryption, but as time goes on it is becoming less secure, especially with easy passwords.

I found this site the other day and I ran my users passwords through the site. The site cracked 9 out of every 10 passwords that were in my database, even passwords like - "jxksye."

I believe SHA-1 and ROT-13 encryption is becoming more popular but I have never looked into it.

[v0id]

First of all, just to point out: MD5 is not an encryption, it's an one-way hash function.

When "cracking" MD5-hashes, you actually don't crack them. You just make a lot of permutations, hashes each one of them and checks if the new hash is identical with the hash you're trying to "crack". MD5 is like I said, an one-way hash, so it isn't possible to "crack" it (not yet...)

To be honest I don't know what hash function or encryption is the best right now, but I think MD5 is still secure enough to use, though Sidewinder showed how it can be "cracked". If you're running it through an application it's even faster.
You can also take a look at the crypt-function in PHP, maybe it's something for you. I haven't used it by myself.

http://php.net/crypt

[RobSoftware]

I do not understand, I've always been taught that MD5 was encryption although I knew it was a one-way hash. Isn't this a form of encryption?

Sidewinder, what is this site you used? I'm interested in it.