General data field encryption

3 posts by 2 authors in: Forums > CMS Builder
Last Post: September 14, 2015   (RSS)

By markr - September 12, 2015

Does anyone use encryption for columns other than passwords?

Take social security number for example. Anyone use a method to decrypt the field before displaying on member profile page, then encrypt upon INSERT or UPDATE?

Wouldn't something simple like that help secure MySQL data should it be breached?

Hi markr,

I found on the net this functions and i using for encryption:

function my_encrypt($text, $salt)
{
    return trim(base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $salt, $text, MCRYPT_MODE_ECB, mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB), MCRYPT_RAND))));
}

function my_decrypt($text, $salt)
{
  return trim(mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $salt, base64_decode($text), MCRYPT_MODE_ECB, mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB), MCRYPT_RAND)));
}

$userSocID = "ABC1234567890";
$compressed = my_encrypt($userSocID, 'mysalt_16char_xx');
$colsToTable = array();
$colsToTable['user_socid'] = $compressed;
mysql_update('user_datatable', null, "`num` = 5", $colsToTable);

$userRecord = mysql_get('user_datatable', null, "`num` = 5");
$uncompressed = my_decrypt($userRecord['user_socid'], 'mysalt_16char_xx');
echo $uncompressed;

your salt is need to 16 or 32 or 64 character long. Hope its helped...

Regards,
Karls