Alex Nikitin wrote:
[snip]
> Also you shouldn't actually encrypt passwords, the proper way to store them
> is hashed, so that if someone grabs your database, they don't have your
> passwords, even if they have the "key".

Hello, since this thread is about "studying mcrypt"...
In another language, for a "top security with the ability to retrieve
data situation", I use a method that stores an encrypted key, but then
also, the entire "pages" are encrypted as well, with a separate utility,
where I only know the key. Think of it as compiling your software, only
it is not compiling, it's encrypting, and it's then
able to run as if it were compiled.
The end result is that the key to any encrypted sensitive info does not
reside on the server, it resides with me on my local system... thus the
passwords are safely encrypted, yet I can retrieve them manually.
I don't know that PHP has the ability to run in compiled or encrypted
form... does it? If not, I guess a one-way, non-key encryption would be the
only way to be absolutely secure with saved data in PHP (such as a hash).
Donovan
--
D Brooke
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
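
The difference the quoted advice describes, as an added example that is not code from either poster: a password stored with reversible encryption comes back in plaintext for anyone who holds the key, while one stored with PHP's `password_hash()` can only be checked against a guess. It uses the openssl extension instead of mcrypt; the helper function names, the sample password and the server-side key are assumptions made for illustration.

```php
<?php
// Added example with constructed values; not code from the thread.

// Reversible storage: whoever holds $key can recover every stored password.
function store_encrypted(string $password, string $key): string
{
    $iv = random_bytes(12); // 96-bit nonce for AES-GCM
    $ct = openssl_encrypt($password, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $iv, $tag);
    return base64_encode($iv . $tag . $ct);
}

function recover_encrypted(string $stored, string $key)
{
    $raw = base64_decode($stored, true);
    if ($raw === false || strlen($raw) < 28) {
        return false; // malformed record
    }
    // Layout written by store_encrypted(): 12-byte nonce, 16-byte tag, ciphertext.
    return openssl_decrypt(substr($raw, 28), 'aes-256-gcm', $key,
        OPENSSL_RAW_DATA, substr($raw, 0, 12), substr($raw, 12, 16));
}

// One-way storage: a salted, deliberately slow hash with no key to steal.
function store_hashed(string $password): string
{
    return password_hash($password, PASSWORD_DEFAULT);
}

function check_login(string $attempt, string $storedHash): bool
{
    return password_verify($attempt, $storedHash);
}

$password  = 'correct horse battery staple'; // constructed sample
$serverKey = random_bytes(32);               // stands in for a key kept on the server

$encRow  = store_encrypted($password, $serverKey);
$hashRow = store_hashed($password);

// Database and key both taken: the encrypted row gives the plaintext back.
echo 'encrypted row recovered with key: ', recover_encrypted($encRow, $serverKey), PHP_EOL;

// The hashed row can only answer yes or no to a guess.
echo 'correct password verifies: ', var_export(check_login($password, $hashRow), true), PHP_EOL;
echo 'wrong guess verifies: ', var_export(check_login('wrong guess', $hashRow), true), PHP_EOL;

// Hashes created under an older default are flagged for upgrade at next login.
echo 'needs rehash: ', var_export(password_needs_rehash($hashRow, PASSWORD_DEFAULT), true), PHP_EOL;
```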