securityencryptionhashaespii

With what key should personal information be encrypted?


I am making a website with PHP, and I need to store personal information about a user (name, address, phone number) in a MySQL database. The information will be shown to the user.

I am planning to use AES encryption to encrypt the data. Using the user password seems user-unfriendly, because the user will have to type his password for every time the data has to be shown.

I wanted to use a string stored in the session, where the id of the user, the hashed password and the username are appended, and then hashed. Is this a safe cipher key to use?


Solution

  • No, that is not safe. All of those values are in the database. As a result, anyone who accesses the database can derive the key, decrypt the values, and read the data.

    Your original idea is better: use the output of a key derivation algorithm such as SCRYPT(don't just hash the password, its too weak) on the user's password as your encryption key. Then store a version of that in the user's session. Of course, you need to make sure session data is stored securely and deleted completely after user logout/idle. One fail safe way to do this is write the data to a file yourself, store the file name in the session, and then securely delete the file (e.g. via the shred command or overwriting with random data).