php - Is this Data Encryption/Storage Method Secure?


Let me first say I know it's a bad idea to store sensitive information in a MySQL database, so please don't respond saying "don't do it" or to that effect. I'm building a website where it is absolutely essential to store social security numbers, and I have to be able to retrieve the data out of the DB (no hashing).

That said, I have researched the best way to encrypt/decrypt the data, and built a custom function to handle the encryption. Here is the encrypting function:

```php
function my_data_encrypt($value) {
    // Per-record "salt": the first 20 characters of a uniqid() value (time-based)
    $salt = substr(uniqid('', true), 0, 20);
    // Key material: the salt prepended to a private key defined in a separate config file
    $key = $salt . MY_PRIVATE_KEY;
    // Rijndael-256 in CBC mode. md5($key) (32 hex chars) is used as the 256-bit key and
    // md5(md5($key)) as the 32-byte IV; base64 makes the ciphertext safe to store in the DB.
    $enc_value = base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, md5($key), $value, MCRYPT_MODE_CBC, md5(md5($key))));
    // The ciphertext and its salt are returned and stored together
    return array("enc_value" => $enc_value, "salt" => $salt);
}
```

So I am generating a random string as the salt, and appending the salt to a private key MY_PRIVATE_KEY defined in a separate config file. Then I use mcrypt_encrypt to encrypt the data, and base64_encode to make the encrypted value safe to store in the DB. The encrypted string and the unique salt are returned and stored in the DB together.

My thinking is that throwing a "private key" stored in a config file (not the DB) into the mix adds a level of security to the encryption; that way, if someone hacks the database and gets the encrypted value and the salt, they still wouldn't have what they need to decrypt the data.

Can any security experts review this function and let me know if/how the data could be hacked, and if there is anything else I could do to improve it?

I have moved this question to https://security.stackexchange.com/questions/35690/is-this-data-encryption-storage-method-secure . Thanks for the feedback.

My 2 cents... the random string isn't really random because you're using a time-based function; instead, consider openssl_random_pseudo_bytes.

Second, because you didn't explicitly mention it, you'll want to use SSL/SSH for these types of data transactions.

As far as the private key goes, make sure the config file is located outside of the publicly accessible directory and not in a shared environment.
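As an added example (not the asker's or the answerer's code), here is the same encrypt-and-return-salt design with the answer's advice applied: the per-record salt comes from openssl_random_pseudo_bytes rather than uniqid(), and, going beyond the thread, a random IV and an HMAC are added so that a modified row is detected instead of silently decrypting to garbage. It assumes MY_PRIVATE_KEY is loaded from a config file outside the web root (the placeholder define stands in for that) and PHP 7.1+ with the openssl extension, since mcrypt has been removed from recent PHP.

```php
<?php
// Added example, not the asker's or answerer's code. Assumes MY_PRIVATE_KEY comes from a
// config file outside the web root and PHP 7.1+ with openssl (mcrypt is gone from PHP 7.2+).
define('MY_PRIVATE_KEY', 'PLACEHOLDER-long-random-secret-loaded-from-config');
const CIPHER = 'aes-256-cbc';

function derive_keys(string $salt): array {
    // Salt + private key -> 64 bytes, split into an encryption key and a separate MAC key.
    $km = hash('sha512', $salt . MY_PRIVATE_KEY, true);
    return [substr($km, 0, 32), substr($km, 32)];
}

function my_data_encrypt(string $value): array {
    // Per-record salt from a CSPRNG instead of the time-based uniqid().
    $salt = openssl_random_pseudo_bytes(16);
    [$encKey, $macKey] = derive_keys($salt);
    // Fresh random IV per record, so identical values encrypt to different ciphertext.
    $iv = openssl_random_pseudo_bytes(openssl_cipher_iv_length(CIPHER));
    $ct = openssl_encrypt($value, CIPHER, $encKey, OPENSSL_RAW_DATA, $iv);
    // Going beyond the thread: an HMAC over iv||ct detects a modified row before decrypting.
    $tag = hash_hmac('sha256', $iv . $ct, $macKey, true);
    return ['enc_value' => base64_encode($iv . $ct . $tag), 'salt' => base64_encode($salt)];
}

function my_data_decrypt(string $enc_value, string $salt): ?string {
    $salt = base64_decode($salt, true);
    $blob = base64_decode($enc_value, true);
    $ivlen = openssl_cipher_iv_length(CIPHER);
    if ($salt === false || $blob === false || strlen($blob) < $ivlen + 32) {
        return null; // malformed row
    }
    [$encKey, $macKey] = derive_keys($salt);
    $iv  = substr($blob, 0, $ivlen);
    $ct  = substr($blob, $ivlen, -32);
    $tag = substr($blob, -32);
    // Constant-time tag check; reject tampered rows instead of decrypting them.
    if (!hash_equals(hash_hmac('sha256', $iv . $ct, $macKey, true), $tag)) {
        return null;
    }
    $pt = openssl_decrypt($ct, CIPHER, $encKey, OPENSSL_RAW_DATA, $iv);
    return $pt === false ? null : $pt;
}

// Round trip on a constructed value (not a real SSN), then a tampered copy of the row.
$row = my_data_encrypt('123-45-6789');
$ok = my_data_decrypt($row['enc_value'], $row['salt']) === '123-45-6789';
$bad = base64_decode($row['enc_value']);
$bad[20] = chr(ord($bad[20]) ^ 0x01); // flip one ciphertext bit
$rejected = my_data_decrypt(base64_encode($bad), $row['salt']) === null;
echo ($ok && $rejected) ? "round trip ok, tampered row rejected\n" : "FAILED\n";
```

The salt and the base64 blob are what go into the two DB columns; the private key never leaves the config file, so a dump of the table alone still yields neither key.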
