hashing data in mysql table

[jjk2]

what is the safest way to encrypt/hash the datas on the mysql table

 

why dont everyone decide to encrypt the information on tables, such as ip, username, password, and so on?

 

if a hacker were to hack ing steal the table information, would he be able to read the contents of the mysql table data ? (all username, passwords are encrypted format so all he sees is 234jhl2k3as8979234)

 

thank you!

[Prismatic]

If one is able to get into your database you have more serious issues to consider then whether or not the data was encrypted or not as it's most likely your entire system was compromised. Focus on preventing attacks and exploits and the prospect of encrypting and hashing *all* the data becomes less and less desirable.

 

You're looking at the situation in a, "well they got in, how can I limit the damage done?" sense, when you should be saying "How can I stop them from getting in?"

[haku]

The problem with hashing the username and ip etc, is that hashing is a one-way road, and cannot be unhashed. So hashed information basically becomes inaccessible. This is desirable with passwords, as a properly secure site will never display the password anywhere. However, there are many circumstances where you will need to be able to see the username and IP and email addresses etc, so hashing them would be a bad idea.

[jjk2]

thank you haku, that was the explanation i was looking for.

[jjk2]

prismatic, i know what you mean. but my question was specific towards hashed data, as to whether a determined individual could decode it and extract passwords, and other sensitive informations in the db.