Alex Nikitin wrote:
Also you shouldn't actually encrypt passwords, the proper way to store them
is hashed, so that if someone grabs your database, they don't have your
passwords, even if they have the "key".

Hello, since this thread is about "studying mcrypt"...

In another language, for a "top security with the ability to retrieve data situation", I use a method that stores an encrypted key, but then also, the entire "pages" are encrypted as well, with a separate utility, where I only know the key. Think of it as compiling your software, only it is not compiling, it's encrypting, and it's then able to run as if it were compiled.

The end result is that the key to any encrypted sensitive info does not reside on the server, it resides with me on my local system... thus the passwords are safely encrypted, yet I can retrieve them manually.

I don't know that PHP has the ability to run in compiled or encrypted form... does it? If not, I guess a one-way, non-key encryption would be the only way to be absolutely secure with saved data in PHP (such as a hash).


D Brooke
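
The two storage models discussed in this thread, side by side, as an added example that is not code from either poster: a one-way hash for login passwords, and public-key encryption for data that must stay retrievable while the decryption key stays off the server. It assumes PHP 7.2+ with the bundled sodium extension (used here in place of mcrypt, which was removed from PHP core in 7.2); every function name and sample value is hypothetical.

```php
<?php
// Added example. Function names and sample values are hypothetical/constructed.

// Case 1: login passwords. Store a salted one-way hash; there is no key
// on the server that could turn the stored value back into the password.
function hashPassword(string $password): string
{
    return password_hash($password, PASSWORD_DEFAULT);
}

function checkPassword(string $password, string $storedHash): bool
{
    return password_verify($password, $storedHash);
}

// Case 2: data that must be retrievable later. The server is given only the
// public key, so it can encrypt new records but cannot decrypt any of them.
function sealForOwner(string $plaintext, string $ownerPublicKey): string
{
    return base64_encode(sodium_crypto_box_seal($plaintext, $ownerPublicKey));
}

// Runs only on the owner's local machine, where the full key pair is kept.
function openAsOwner(string $sealed, string $ownerKeyPair): string
{
    $plain = sodium_crypto_box_seal_open(base64_decode($sealed), $ownerKeyPair);
    if ($plain === false) {
        throw new RuntimeException('Ciphertext was modified or the key pair is wrong');
    }
    return $plain;
}

// --- Constructed demonstration ---
$keyPair   = sodium_crypto_box_keypair();            // generated offline by the owner
$publicKey = sodium_crypto_box_publickey($keyPair);  // the only key material deployed

$hash = hashPassword('correct horse battery staple');
var_dump(checkPassword('correct horse battery staple', $hash));
var_dump(checkPassword('wrong guess', $hash));

$sealed = sealForOwner('constructed-sensitive-value', $publicKey);
var_dump(openAsOwner($sealed, $keyPair) === 'constructed-sensitive-value');
```

A database dump combined with full read access to the web server yields only hashes and sealed ciphertexts in this layout; the key pair used by `openAsOwner` never leaves the owner's machine.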

PHP General Mailing List