1

In PHP, which (decryptable) encryption algorithm is most secure one?
I mean MD5 can't be decrypted back right?
I've found full working class with mcrypt (then encoded with base64 again) which can encrypt and decrypt back.

Sample mcrypt (Encrypt):

function encrypt($value) {
    if(!$value){return false;}
    $text = $value;
    $iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB);
    $iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
    $crypttext = mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $this->key, $text, MCRYPT_MODE_ECB, $iv);
    return trim($this->safe_b64encode($crypttext));
}

Then encode again with base64:

function safe_b64encode($string) {
    $data = base64_encode($string);
    $data = str_replace(array('+','/','='),array('-','_',''),$data);
    return $data;
}

(Sorry for the code just with the encrypt, without decrypt. I just giving sample.) But I just want to know if there other more secure algorithm then using mcrypt.

Improve this question
8
  • base64 is NO encryption! It's some sort of encoding. Therefore it is not secure at all. Look for things such as AES (Rijndael), Blowfish, Serpent, Skipjack, etc. in ext/mcrypt for PHP: de2.php.net/manual/en/book.mcrypt.php Commented Sep 21, 2011 at 10:38
  • Please narrow your question, because the answer really depends on what for you want encryption. just for clarification: MD5 is not "encryption" - it's "hashing". It's meant to be irreversible. Again, Base64 is not "encryption" - it's "encoding". Please read (wikipedia is enough) a bit on those 3 terms. You should learn that there is no best algorithm - all have their pros and cons. Clarify yourself, please Commented Sep 21, 2011 at 10:39
  • what for do you need it? Commented Sep 21, 2011 at 10:46
  • @Stefan Sorry i have edited the question now. Commented Sep 21, 2011 at 10:50
  • @Col. Shrapnel What for? @_@ Don't you have to use any encryption in your codes?? Commented Sep 21, 2011 at 11:08

3 Answers 3

Reset to default
4

You probably want MCRYPT_RIJNDAEL_256. Rijndael with blocksizes of 128, 192 and 256 bit is a generalization of AES which only supports a blocksize of 128 bit.

See: http://us.php.net/manual/en/mcrypt.ciphers.php and http://us.php.net/manual/en/book.mcrypt.php

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

3

Just to clarify: MD and SHA algorithms are HASH algorithms: they calculate a check sum of given data so you can later verify that it hasn't been altered. Think of it like this:

Your data is 592652. You want a checksum to know this hasnt been altered so, you do something like: 

5+9+2+6+5+2=29
2+9=11
1+1=2

Now, when you want to check your data, you can put it through same calculation and see if you get the same result:

2

However there is no way to take that 2 and get back your original data: 592652.

Of course real calculations hash algoriths are different, this example is just a demonstration of the general idea. This is not encryption.

As for encryption, AES family of algorithms is probably most secure these days, I'd go AES-512. As others noted RIJNDAEL should be preferred. (AES and Rijndael are used exchangably, theyre almost the same thing: Rijndael is the name of the algorithm while AES is the name of the encryption standard that adops Rijndael as its method).

Improve this answer

1 Comment

Thanks you provided me that thing which i was looking from last 2 years
1

Base64 is not an encryption algorithm.

On PHP you can use the mcrypt extension to securely encrypt and decrypt data.

Blowfish is one of the most secure (and the default in mcrypt) algorithms supported by PHP.

See the full list of supported algorithms here.

Given that the question changed, this would be the new answer:

mcrypt is not an encryption algorithm. It's a library that provides an interface to different encryption algorithms to encrypt arbitrary data.

In a PHP context this is more or less the only decent thing you have to encrypt data.

Improve this answer

6 Comments

Then, sorry for my stupid questoin :( As you said, mcrypt provides an interface to different encryption algorithms, so which encryption algorithms is actually using in my code?
MCRYPT_RIJNDAEL_256 <- that one
Oh thanks. So please for my native question, does that way is safe? (Or) is there any other safer way? (which can be used as both encrypt/decrypt)
That algorithm is pretty solid. There is no better or worse but the one you are using is known to be a good one.
Thanks for the knowledge Tom. I was asking above question coz you've said Blowfish is most secure. :) ok, thanks anyway dude.
|

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.