Probably not a PHP question specifically, but I am using PHP and the PHP mcrypt library. I am looking to encrypt a string (a password) using mcrypt_encrypt. Now with this we specify a key and using the key I can get back from the encrypted version to the original. However, I never want to be able to do this. Therefore I am taking a md5 hash of the password and using this as the key to encrypt the password itself. To double check whether the user has entered the correct password in the future all I need to do is encrypt that entered password (using the md5 hash as the key) and compare it with the value stored in the database.
Bearing in mind I am throwing away the md5 hash key after use, is this encryption approach completely irreversible? I think it probably is.
Sorry, but you are not allowed to view signatures , please Register or Login