When users register, should I store their email in the db as is or hash it. I want to be able to decrypt it later, so should I use md5?
thank you!
Email encryption is important because it protects you from a data breach. If the hacker can't read your message because it's encrypted, they can't do anything with the information. Since 2013, over 13 billion data records have been lost or stolen.
If you need to know the email address, and if all of those needs can be satisfied by a hashed version, then it sounds like a good idea to store just a hash. If you need to know the email address for purposes which cannot be satisfied by a hash, then it's not a good idea to store just a hash.
Encryption is one of the most important security features to keep your data as secure as possible. Depending on the data you are handling, it is not always a must, but you should at least consider it a security improvement in your organization.
Secret key encryption (or symmetric encryption as it's also known) uses a single key to both encrypt and decrypt data. In the past PHP relied on mcrypt and openssl for secret key encryption. PHP 7.2 introduced Sodium, which is more modern and widely considered more secure.
No, md5()
- is one-way hash function. You can't decrypt its value. Usually it used for passwords which don't need to be decrypted. Instead you compare hashes like:
$salt = "adding some secret to increasse security";
if (md5($user_password . $salt) == $user_password_hash_from_db) {
## password is ok
}
If you want to be able to decrypt your value, then use crypt
php function instead. But it may require additional modules to be installed.
Any way I don't see any practical reason to crypt email.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With