Encrypting Database Content

If I am not wrong, when you want to encrypt the content in the database you will use md5. I use that right now for passwords. But now I want to add encryption to all personal information, etc. for enterprise clients. Below are my questions:

  1. If I md5 everything, will php display everything the normal way, like without the md5?

  2. When I allow editing of the content, I will have to display the info without the md5 and then add md5 upon submission, correct?

  3. If someone gets access to the database, they will only see md5. But if they download it and then remove md5, wouldn't they see all the info?

As you can tell, I am an amateur under pressure. Please correct me if I am wrong with my thinking of md5. If so, how can I encrypt the databases, keeping in mind that info will be edited by users anytime?

Thanks.


MD5 is a hashing algorithm, not an encryption algorithm. Hashing is one way; that is, you cannot take hashed data and turn it back into the original data. MD5 is used to hash passwords (well, hashing algorithms are used to hash passwords...MD5 is generally regarded as insecure and not suitable for applications involving security...like passwords) because all you care about is whether or not the passwords match, not what the password actually is. This allows you to store a token in your database (the hash) that you can use to compare without actually storing the password.

If you're going to do application-level encryption of database data (rather than relying on any RDBMS-specific encryption features), you will always have to encrypt the data (in code) before you put it into the database and decrypt the data (in code) whenever you take it out of the database. For systems like this, a symmetric key encryption algorithm like AES is generally used.
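
The round trip described above, as an added example that is not part of the original answers: a password is hashed one-way while a personal field is AES-encrypted in code before the insert and decrypted after the select. The table name, sample values and in-memory SQLite database are constructed for illustration, AES-256-GCM via PHP's OpenSSL extension is one choice of AES mode, and `password_hash()` stands in for the MD5 password hashing the question mentions.

```php
<?php
// Constructed example: key handling, table name and sample values are assumptions.
// A real key lives outside the database (secret store, environment), or a dump leaks it too.
$key = random_bytes(32); // AES-256 key

function encrypt_field(string $plain, string $key): string
{
    $iv = random_bytes(12); // fresh nonce for every stored value
    $ct = openssl_encrypt($plain, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $iv, $tag);
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    return base64_encode($iv . $tag . $ct); // nonce + auth tag + ciphertext in one column
}

function decrypt_field(string $stored, string $key): string
{
    $raw = base64_decode($stored, true);
    if ($raw === false || strlen($raw) < 28) { // 12-byte nonce + 16-byte tag
        throw new RuntimeException('malformed ciphertext');
    }
    $plain = openssl_decrypt(substr($raw, 28), 'aes-256-gcm', $key,
        OPENSSL_RAW_DATA, substr($raw, 0, 12), substr($raw, 12, 16));
    if ($plain === false) {
        throw new RuntimeException('wrong key or tampered data');
    }
    return $plain;
}

$db = new PDO('sqlite::memory:');
$db->exec('CREATE TABLE clients (id INTEGER PRIMARY KEY, pw_hash TEXT, phone TEXT)');

// Insert: the password is hashed (one-way), the phone number is encrypted (reversible).
$ins = $db->prepare('INSERT INTO clients (pw_hash, phone) VALUES (?, ?)');
$ins->execute([password_hash('s3cret-example', PASSWORD_DEFAULT), encrypt_field('555-0100', $key)]);

// Edit form: decrypt to display, then re-encrypt the submitted value on save.
$row = $db->query('SELECT * FROM clients WHERE id = 1')->fetch(PDO::FETCH_ASSOC);
echo 'stored in DB: ', $row['phone'], "\n"; // what someone with a copy of the table sees
echo 'shown to user: ', decrypt_field($row['phone'], $key), "\n";
$db->prepare('UPDATE clients SET phone = ? WHERE id = 1')->execute([encrypt_field('555-0199', $key)]);

// Login: the password is never decrypted, only checked against the stored hash.
var_dump(password_verify('s3cret-example', $row['pw_hash']));
```

Because the value can only be read with the key, columns encrypted this way cannot be searched or indexed by their plaintext in SQL.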


MD5 is a hashing function! It is a one-way function. You cannot decode an MD5 hash!

If you encode your content with MD5, you lose the data!!! Instead use 3DES, BLOWFISH or other encryption methods!

Encryption varies from DB to DB. More or less every DB has an encryption module to use (and pay for).


As far as I know, MD5 is known not to really be a secure hashing function nowadays. There are places out there on the web offering reverse MD5 services, where they collect a huge database of strings with their MD5 equivalent. Try going for something like SHA-512 and use techniques like iterative hashing to make it more secure. PHP has a crypt() library you might like to check out, or use SQLite database encryption maybe.


> If I md5 everything, will php display everything the normal way, like without the md5?

Nope. Everything will be an md5 digest. The original data will be (almost) impossible to recover from the digest.

> When I allow editing of the content, I will have to display the info without the md5 and then add md5 upon submission, correct?

Since the md5 digest cannot (easily) be decoded into the original data, you'll have to keep the original info somewhere.

> If someone gets access to the database, they will only see md5. But if they download it and then remove md5, wouldn't they see all the info?

Nope. The md5 digest cannot (easily) be reversed to reconstruct any of the original info.


MD5 is a one-way hashing function. It won't be decrypted. JUST ENCRYPTED.
