I have a site where users can journal things.  I have heard concerns from these users that when something is private to them they do not want anyone to stumble across it. I have put several steps in place to add privacy between users but I want to take it a step farther and hide this data from admins who have access to the database.

The solution, I'm guessing, is to encrypt or encode the text, then save it in the database and decrypt/decode it later.  What is the best method to hide/mask this data in the database?  Will base64_encode() do the trick?


That sounds quite difficult to achieve.  base64 will work against someone who is not a programmer, but I assume admins would have some basic programming knowledge.

Something which would be secure is to use the user's password to generate an encryption key.

For example, the user enters 'trustno1' as their password.  The password is hashed with md5() and compared against the hash stored in the database.  Then another hash is generated, which could be done by appending a fixed string to the password.  This hash is used to encrypt and decrypt that user's journal entries.

The big problem there is that a change of password will require re-encryption of all entries.  And forgetting a password will mean loss of all entries.  Not such a good idea maybe :)
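
The password-derived key idea from the reply above, as an added example that is not part of the original thread. It goes one step beyond the post: each user gets a random data key that is wrapped with the password-derived key, so a password change re-wraps one small value instead of re-encrypting every entry. Assumptions: PHP 7.2+ with the sodium extension, `sodium_crypto_pwhash()` used in place of the md5() hash from the post, and hypothetical helper names (`derive_key`, `seal`, `unseal`).

```php
<?php
// Added example (not from the thread). Helper names are hypothetical.

// Derive a 32-byte key from the password with a memory-hard KDF and a per-user salt.
function derive_key(string $password, string $salt): string {
    return sodium_crypto_pwhash(
        SODIUM_CRYPTO_SECRETBOX_KEYBYTES, $password, $salt,
        SODIUM_CRYPTO_PWHASH_OPSLIMIT_INTERACTIVE,
        SODIUM_CRYPTO_PWHASH_MEMLIMIT_INTERACTIVE
    );
}

// Authenticated encryption; the stored blob is nonce || ciphertext.
function seal(string $plain, string $key): string {
    $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    return $nonce . sodium_crypto_secretbox($plain, $nonce, $key);
}

function unseal(string $blob, string $key): string {
    $nonce = substr($blob, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $box   = substr($blob, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $plain = sodium_crypto_secretbox_open($box, $nonce, $key);
    if ($plain === false) {
        throw new RuntimeException('wrong key or modified data');
    }
    return $plain;
}

// Signup: the user row stores $salt and $wrapped, never the data key itself.
$salt    = random_bytes(SODIUM_CRYPTO_PWHASH_SALTBYTES);
$dataKey = sodium_crypto_secretbox_keygen();
$wrapped = seal($dataKey, derive_key('trustno1', $salt));

// Saving an entry: the journal table stores only this blob (constructed sample text).
$entry = seal('Dear diary, constructed sample entry.', $dataKey);

// Login: unwrap the data key with the password, then decrypt entries.
$dk = unseal($wrapped, derive_key('trustno1', $salt));
echo unseal($entry, $dk), "\n";

// Password change: re-wrap the same data key; $entry is left untouched.
$newSalt = random_bytes(SODIUM_CRYPTO_PWHASH_SALTBYTES);
$wrapped = seal($dk, derive_key('a new passphrase', $newSalt));
echo unseal($entry, unseal($wrapped, derive_key('a new passphrase', $newSalt))), "\n";

// Contrast: base64 needs no key, so anyone who can read the column can reverse it.
echo base64_decode(base64_encode('Dear diary, constructed sample entry.')), "\n";
```

A forgotten password still means the wrapped data key, and with it every entry, cannot be recovered.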

I guess really what I mean is I want to obfuscate the data.  Just make it unreadable.  When working on the database I don't want to see something interesting and cause me to start reading something personal.  The integrity of the admin will have to be trusted not to decode/decrypt the data.

With that said, which php function is most appropriate in terms of ease of use and resource intensity?

Oh, OK, I get it.  Well, base64 will certainly do it.  You could also use str_rot13(), which will use less space (base64 encoding expands data by 33%).  You could even use gzip, which will shrink the data, but dealing with binary data is a hassle.

This is what I believe is smart about it: all other encoding functions leave traces in the string; however, str_rot13() doesn't, and the detection can only be made by a human, since you use the same function for both encode and decode; therefore, the codes are unrecognizable by the computer. When you encode, you apply the function, and all you get is that every letter is shifted thirteen places; when you apply it again, it becomes the original string, since there are only 26 letters.

Ted
