Best way to encrypt data using php - I am not sure if I doing it correctly

Question

I want to encrypt some data within my php file when I add the stuff to my mysql database.

This is how I do it.

I create a static key like:

$key = md5("pass");

Then I have two functions called encrypt() and decrypt() and they do this:

function encrypt($string, $key){
    $string = rtrim(base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $key, $string, MCRYPT_MODE_ECB)));
    return $string;
}

function decrypt($string, $key){
    $string = rtrim(mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, base64_decode($string), MCRYPT_MODE_ECB));
    return $string;
}

I am not sure if this is best practice but like how do I generate a key other than md5?

Answer 1

There are at least two problems with this approach.

1. Your choice of key generation
2. Your choice of encryption mode

Key Generation

You're doing md5("static password") as your key. This is really bad. First, you're "only" getting 128-bits from MD5 and you're using 256-bit keyed AES, thereby wasting cycles (because AES-256 is slower than AES-128) on something you're not using anyways. Secondly, you password is weak. "pass" is not a secure password and I really hope you replace it with something much stronger for production use. Third, you're using plain MD5 for the password processing (also see our canonical answer on password hashing). This is as bad as it can get, because the ciphertexts could be attacked using precomputed (rainbow) tables and MD5 is a fast hashing function, allowing fast brute-forcing of your password. Fourth: Why are you even using a password!?. There's no logical reason to use a static (human-readable) password instead of a secure, randomly generated key of the desired size. This way you don't have to worry about brute-force, you don't have to worry about using MD5 (which will give bad press) you don't have to worry about your key to be too short.

Encryption mode

While you use AES-256 as encryption algorithm (which is OK), you're using ECB as your mode of operation for AES. This way you have two problems: a) you're leaking which AES blocks (16-bytes) are equal and b) you have to pad your messages to be a multiple of 16-bytes. To fix these problems you need to swithc the mode. GCM is the best option you have. Unfortunaly, this isn't properly supported by PHP until PHP 7.1 via openssl_encrypt() or mcrypt_encrypt() (which you really shouldn't use, because it's slower, no longer maintained and less hardened than OpenSSL). If you already have PHP 7.1, then fine, you can use AES-GCM with openssl_encrypt(), which will protect your ciphertext from being read and / or modified, provided you hand a unique (not secret) nonce over for each encryption. Until you have proper PHP 7.1 AEAD encryption, you have to use an ad-hoc construction. This means, you first encrypt the data using a (random) 16-byte IV with CTR mode and then you calculate the HMAC-SHA256 of the ciphertext and store the resulting tag, so you can verify it upon next read access.