Anti-Moronic Posted January 18, 2010 Share Posted January 18, 2010 I must be missing something because this *seems* like the perfect way to store symmetrically encrypted passwords and such. Here is what I do: <?php define('key', 'secret'); $string = 'testing'; $enc = base64_encode(mcrypt_ecb(MCRYPT_DES, key, $string, MCRYPT_ENCRYPT)); $dec = base64_decode($enc); $dec = trim(mcrypt_ecb(MCRYPT_DES, key, $dec, MCRYPT_DECRYPT)); ?> Are there any major downsides to using this for encrypting passwords and being able to decrypt them via my app using the super secret key? By the way, any suggestions on how you would best store this key? Way I see it, it's very similar to storing a mysql db pass. You protect that with your life, so surely there is something I'm missing. This seems 'too easy'. Appreciate any insight. Quote Link to comment Share on other sites More sharing options...
roopurt18 Posted January 18, 2010 Share Posted January 18, 2010 Anyone that has the raw source code to your application will have access to any sensitive information you store in your source code files, including passwords and keys. If your source code is stored in plain text on your server, then there isn't much reason to encrypt database passwords stored on disk or in source code files. The reason is any attacker can easily see your decryption scheme and decrypt your password / data the same way you do. Now if you were to go the extra step and encode your PHP source files with Nu-Coder, ZendGuard, or some other encoder program then there might be a point to this. For example, the applications I write are distributed to clients and they install my applications on their servers. When they install my application they run a setup script that will ask for their database password. The password they enter is encrypted by my program and then saved to disk. My source code files are encoded so they have no idea how I encrypt their data. And since the password to their database is encrypted, their machine is slightly more secure should an attack gain access to the machine. Note that any attacker skilled enough to: 1) Gain high enough access to a machine 2) Run a debugger Will obtain any secret keys, passwords, or even your raw source code files whether they're encoded or not. Quote Link to comment Share on other sites More sharing options...
Anti-Moronic Posted January 18, 2010 Author Share Posted January 18, 2010 Sorry, I wasn't clear. let me clarify. What I meant to use this method for encrypting other passwords like for a user management system (sessions etc.). The main benefit I would use this for is so I can send password reminders instead of having to reset passwords because they are stored using md5. But, on second thoughts, I think it would be a better idea to store 2 copies. One md5, the other symmetrically encrypted so I can send a pass reminder if necessary. Then simply use the md5 for comparing with cookies etc. Thoughts on that? Quote Link to comment Share on other sites More sharing options...
roopurt18 Posted January 18, 2010 Share Posted January 18, 2010 You can encrypt data in this manner for storing within your database. Your need to base64 encode the data will depend on how well your chosen database handles binary data. I don't see any reason to decrypt user passwords and send them to your users however. Sending someone a password via e-mail in plain-text is a big security risk IMO. You'd be much better off allowing them to reset their password via a link send to their e-mail account. The reset-link would contain a unique key tied directly to that user's database record and have an expiration attached to it, so if they do not click it within X hours it can no longer be reset by that link. The only time I use two way encryption is when I'm storing a password for some sort of service (FTP, SMTP, SSH, etc.) when I know my program will need to provide the password to another program when a human will be unavailable to enter the password themselves. Or for other highly sensitive data storage, such as social security or credit card numbers. Quote Link to comment Share on other sites More sharing options...
Anti-Moronic Posted January 19, 2010 Author Share Posted January 19, 2010 Thanks for the tips. Appreciate it. I do usually have a pass reset, but it seems I'm receiving more and more passwords in plain text via email nowadays, and pass resets can be a pain in the ass. I mean, many reseller hosting panels send plain text passwords and other sensitive data directly to the resellers email when you create a new account/domain. I will still stick to the pass reset, but may include an option to just send a reminder (with a notice of the added security risk). Thanks again. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.