
Compare Two-Way Encryption With Data in Database

I have a column named id_num in the database, and the column must have a unique true value.

Users have to enter their ID Num to register in my system. To protect the ID Num, I encrypt it using $this->encript->encode().

The encrypted data will generate a different code every time I enter the same data.

Example:

First registration: I entered 12345, which is encrypted to PVfuF8GDzE4yton9tNabJwG

Second registration: I entered the same number 12345, which is encrypted to a different code, M0wYZsDAdR1u0WlsDAdR1

So, I call checkExistIdNum() to check whether the ID Num already exists or not, to make sure the id_num column is unique.

function checkExistIdNum($enc_id_num = null) {
    // Count rows owned by other users whose id_num equals the given value.
    $this->db->select('COUNT(*) AS count');
    // Passing the values separately lets the query builder escape them.
    $this->db->where('id_num', $enc_id_num);
    $this->db->where('user_id !=', user_id());
    $query = $this->db->get('user_info');
    $num = $query->row()->count;

    return $num > 0;
}

Both have the same true value, but how can I compare id_num = '$enc_id_num' while the two encrypted codes are different?


I think you are confusing the concept of a cryptographic hash and two way encryption.

A hash is one-way, and it always has the same result given identical input.

MD5 or SHA1 are one-way hash algorithms that are commonly used to mask passwords in databases. The main reason for this is that it is just that, one-way: if the hash is obtained, it cannot be reverted to its original value.


Use the database's built-in encryption functions so that the database indexes the values, and can quickly match against an arbitrary value you enter. Otherwise you're just reinventing the wheel, and you'll either have to keep a separate index that you compare against every time (very slow), or decrypt and compare every row individually (EXTREMELY slow).

Built-in encryption solves all of this without the possibility of leaking sensitive data through the indices.

And yeah, maybe it would be a good idea to use a hash, but for trivial account strings, that could easily be reverse-engineered if someone dumped the database.

Since you don't identify your database or your PHP version I can't be more specific.
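
An added example, not from the question or either answer: it keeps the randomized ciphertext in id_num and stores a keyed hash (HMAC) of the same value in a second column for the uniqueness check, which addresses the concern above that a plain hash of a short number is easy to reverse from a dump. The id_num_lookup column, both keys, the function names and the in-memory array standing in for user_info are assumptions made for this sketch.

```php
<?php
// Added example. Keys and the id_num_lookup column are assumptions, not from the post.
// Constructed sample keys; real keys belong in configuration outside the database.
$encKey    = hash('sha256', 'constructed-sample-encryption-key', true);
$lookupKey = hash('sha256', 'constructed-sample-lookup-key', true);

// Randomized encryption: a fresh IV per call, so equal inputs give different output.
function encryptIdNum(string $idNum, string $key): string {
    $iv = random_bytes(12);
    $ct = openssl_encrypt($idNum, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $iv, $tag);
    return base64_encode($iv . $tag . $ct);
}

function decryptIdNum(string $stored, string $key): string {
    $raw = base64_decode($stored, true);
    $pt  = openssl_decrypt(substr($raw, 28), 'aes-256-gcm', $key, OPENSSL_RAW_DATA,
                           substr($raw, 0, 12), substr($raw, 12, 16));
    if ($pt === false) {
        throw new RuntimeException('id_num failed authentication');
    }
    return $pt;
}

// Deterministic keyed hash: same input and key always give the same token,
// and without the key a dumped token cannot be brute-forced from short numbers.
function lookupToken(string $idNum, string $key): string {
    return hash_hmac('sha256', trim($idNum), $key);
}

// Stand-in for user_info (user_id => row); in a database, id_num_lookup would
// carry a UNIQUE index and be matched with a bound parameter.
function registerIdNum(array &$table, int $userId, string $idNum, string $encKey, string $lookupKey): bool {
    $token = lookupToken($idNum, $lookupKey);
    foreach ($table as $otherId => $row) {
        if ($otherId !== $userId && hash_equals($row['id_num_lookup'], $token)) {
            return false; // ID number already registered to another user
        }
    }
    $table[$userId] = ['id_num' => encryptIdNum($idNum, $encKey), 'id_num_lookup' => $token];
    return true;
}

$userInfo = [];
var_dump(registerIdNum($userInfo, 1, '12345', $encKey, $lookupKey));  // first registration
var_dump(registerIdNum($userInfo, 2, '12345', $encKey, $lookupKey));  // same number, other user
var_dump(encryptIdNum('12345', $encKey) === encryptIdNum('12345', $encKey)); // two ciphertexts compared
var_dump(decryptIdNum($userInfo[1]['id_num'], $encKey));              // value is still recoverable
```

The lookup key must be kept separate from the database contents; anyone holding both the key and a dump can test candidate ID numbers against the tokens.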
