
I am making a website with PHP, and I need to store personal information about a user (name, address, phone number) in a MySQL database. The information will be shown to the user.

I am planning to use AES encryption to encrypt the data. Using the user password seems user-unfriendly, because the user will have to type his password every time the data has to be shown.

I wanted to use a string stored in the session, where the id of the user, the hashed password and the username are appended, and then hashed. Is this a safe cipher key to use?

asked by FalconC (edited by Cœur)

1 Answer

No, that is not safe. All of those values are in the database. As a result, anyone who accesses the database can derive the key, decrypt the values, and read the data.

Your original idea is better: use the output of a key derivation algorithm such as SCRYPT (don't just hash the password, it's too weak) on the user's password as your encryption key. Then store a version of that in the user's session. Of course, you need to make sure session data is stored securely and deleted completely after user logout/idle. One fail-safe way to do this is to write the data to a file yourself, store the file name in the session, and then securely delete the file (e.g. via the shred command or overwriting with random data).

answered by imichaelmiers
  • I see. But what if the key is `hash($unhashed_password . $id . $username)`? Is the key still safe? I'd prefer to use that, because it is easy to derive once the user is logged in, but it should be impossible for the attacker to derive. The unhashed password isn't stored in the database, so I assume this is safe. – FalconC Aug 06 '13 at 11:50
  • @FalconC That key is unsafe as well. First, hashing is not a good key derivation function. It's way too easy to mount offline attacks attempting to guess the password. You want a key derivation function that is computationally difficult to evaluate. Worse, for most hash functions, given the hash of the password, I can compute that hash you mention. This is known as a length extension attack. http://en.wikipedia.org/wiki/Length_extension_attack – imichaelmiers Aug 06 '13 at 15:08
  • I will have a look. Thank you. – FalconC Aug 06 '13 at 15:29
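The approach the answer recommends, as an added PHP example that is not part of the question, the answer or the comments: the password goes through scrypt (PHP's `sodium_crypto_pwhash_scryptsalsa208sha256`) to produce a key, and profile fields are encrypted with AES-256-GCM via `openssl_encrypt`. It goes one step beyond the answer: the password-derived key only wraps a random per-user data key, so a password change re-wraps one small blob instead of re-encrypting every column. The function names, the `$db` array and the sample values are constructed for this example.

```php
<?php
// Added example (not from the question or the answer): scrypt-derived key-encryption
// key (KEK) wraps a random data-encryption key (DEK); profile fields are encrypted
// with AES-256-GCM under the DEK. The database only ever holds the salt, the wrapped
// DEK and ciphertexts, none of which yields plaintext without the password.
// Function names, $db and all sample values are constructed for this example.
declare(strict_types=1);

const KEY_BYTES = 32; // AES-256 key size
const IV_BYTES  = 12; // recommended GCM nonce size
const TAG_BYTES = 16; // GCM authentication tag size

// Derive a 256-bit KEK from the password with scrypt (the KDF the answer names).
function deriveKek(string $password, string $salt): string
{
    return sodium_crypto_pwhash_scryptsalsa208sha256(
        KEY_BYTES,
        $password,
        $salt,
        SODIUM_CRYPTO_PWHASH_SCRYPTSALSA208SHA256_OPSLIMIT_INTERACTIVE,
        SODIUM_CRYPTO_PWHASH_SCRYPTSALSA208SHA256_MEMLIMIT_INTERACTIVE
    );
}

// AES-256-GCM; returns iv || tag || ciphertext so one column can hold it.
// $aad (e.g. the column name) is authenticated, so a blob moved to another
// column fails to decrypt instead of leaking the wrong field.
function aesGcmEncrypt(string $key, string $plaintext, string $aad = ''): string
{
    $iv  = random_bytes(IV_BYTES);
    $tag = '';
    $ct  = openssl_encrypt($plaintext, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $iv, $tag, $aad);
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    return $iv . $tag . $ct;
}

function aesGcmDecrypt(string $key, string $blob, string $aad = ''): string
{
    $iv  = substr($blob, 0, IV_BYTES);
    $tag = substr($blob, IV_BYTES, TAG_BYTES);
    $ct  = substr($blob, IV_BYTES + TAG_BYTES);
    $pt  = openssl_decrypt($ct, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $iv, $tag, $aad);
    if ($pt === false) {
        throw new RuntimeException('decryption failed: wrong key or tampered data');
    }
    return $pt;
}

// Registration: everything returned here is safe to store in the users table.
function registerUser(string $password): array
{
    $salt = random_bytes(SODIUM_CRYPTO_PWHASH_SCRYPTSALSA208SHA256_SALTBYTES);
    $dek  = random_bytes(KEY_BYTES);   // random per-user data-encryption key
    $kek  = deriveKek($password, $salt);
    $row  = [
        'pw_hash'     => password_hash($password, PASSWORD_DEFAULT), // login check only
        'kdf_salt'    => $salt,
        'wrapped_dek' => aesGcmEncrypt($kek, $dek, 'dek'),
    ];
    sodium_memzero($kek);
    sodium_memzero($dek);
    return $row;
}

// Login: verify the password, unwrap the DEK; only the DEK is kept for the session.
function loginUnwrapDek(array $row, string $password): string
{
    if (!password_verify($password, $row['pw_hash'])) {
        throw new RuntimeException('bad credentials');
    }
    $kek = deriveKek($password, $row['kdf_salt']);
    $dek = aesGcmDecrypt($kek, $row['wrapped_dek'], 'dek');
    sodium_memzero($kek);
    return $dek;
}

// Demo with a constructed user. $sessionDek stands in for the value the answer
// says to keep in (securely stored, promptly destroyed) session data.
$password   = 'correct horse battery staple';
$db         = registerUser($password);
$sessionDek = loginUnwrapDek($db, $password);

$db['phone'] = aesGcmEncrypt($sessionDek, '+1 555 0100', 'phone');
echo aesGcmDecrypt($sessionDek, $db['phone'], 'phone'), PHP_EOL;   // +1 555 0100

// Password change: re-wrap the DEK under a new KEK; encrypted columns are untouched.
$newPassword        = 'a different long passphrase';
$newSalt            = random_bytes(SODIUM_CRYPTO_PWHASH_SCRYPTSALSA208SHA256_SALTBYTES);
$db['kdf_salt']     = $newSalt;
$db['wrapped_dek']  = aesGcmEncrypt(deriveKek($newPassword, $newSalt), $sessionDek, 'dek');
$db['pw_hash']      = password_hash($newPassword, PASSWORD_DEFAULT);
echo aesGcmDecrypt(loginUnwrapDek($db, $newPassword), $db['phone'], 'phone'), PHP_EOL;
```

Two caveats follow from this design. Whoever can read the session store can read the DEK for every logged-in user, which is exactly why the answer insists on protecting and promptly destroying session data; the key never touches the users table, but the session is now the sensitive store. And because the DEK is reachable only through the password, a "forgot password" reset that does not also re-wrap the DEK from a separately held recovery key makes the stored profile unrecoverable.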