May 2 2008

At lunch today I had a look at AES (aka Rijndael) to tighten up security in my PHP and MySQL applications at home. Although very slightly more complex than simple MD5 or SHA1 hashing of passwords, AES does provide the ability to decrypt passwords. As far as I can tell, AES also has not been hacked yet, and it uses a “key” to lock or unlock the password. In plain old MySQL this is pretty simple:

INSERT INTO table_name (username, password) VALUES('james',AES_ENCRYPT('some_password','some_key'));

Hey presto - that generates a nice encrypted password. The password field in the database must be a BLOB, unlike MD5 or SHA1 where it could be a VARCHAR(32) or a VARCHAR(40). Reversing the encryption in MySQL is just as simple:

SELECT username, AES_DECRYPT(password,'some_key') FROM table_name;
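The round trip above as one complete script, added here as an example and not the author's own code. The column sizes, the second user and `'wrong_key'` are assumptions made for illustration; it also shows what the stored value looks like and what a wrong key returns.

```sql
-- Added example. table_name, 'some_password' and 'some_key' follow the post;
-- the column sizes, the second user and 'wrong_key' are constructed.
CREATE TABLE table_name (
    username VARCHAR(64) NOT NULL PRIMARY KEY,
    password BLOB NOT NULL              -- AES_ENCRYPT() returns a binary string
);

INSERT INTO table_name (username, password) VALUES
    ('james', AES_ENCRYPT('some_password', 'some_key')),
    ('alice', AES_ENCRYPT('some_password', 'some_key'));

-- The ciphertext is padded up to a multiple of 16 bytes, so the stored
-- length reveals only the size bucket of the password, not its exact length.
SELECT username, LENGTH(password) AS bytes, HEX(password) AS stored
FROM table_name;

-- With MySQL's default block_encryption_mode (aes-128-ecb) no IV is used, so
-- the same password under the same key gives the same stored value for both
-- users. Anyone who can read the table can see which accounts share a password.
SELECT COUNT(DISTINCT password) AS distinct_ciphertexts
FROM table_name;

-- AES_DECRYPT() also returns a binary string; CAST turns it back into text.
SELECT username,
       CAST(AES_DECRYPT(password, 'some_key') AS CHAR) AS plaintext
FROM table_name;

-- A wrong key normally fails the padding check and AES_DECRYPT() returns NULL.
SELECT username, AES_DECRYPT(password, 'wrong_key') AS plaintext
FROM table_name;
```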

I expect this will be just as simple using PHP’s mcrypt cryptography, but I have not yet looked into this… add to my todo list!
