Encryption Methods: Compatibility with both PHP and VBA

Hi experts,

I'm creating a routine that needs some encryption to store license information. I'm currently using a Base64 encryption method which is available in both PHP and VBA (with an added class). I'm currently looking into other encryption methods though - as I think that Base64 might be a little too easy to 'crack'. I was thinking to maybe add a MD5 encryption with a salt, but I have no idea if there's any VBA classes for MD5.

If anyone have any experience on the subject or could point me in the right direction, that would be great.

Regards,
eX.
Gaute RønningenOwner, DeveloperAsked:
Who is Participating?
 
BlazConnect With a Mentor Commented:
First you need to understand that nor base64 nor MD5 is NOT encryption and they are totally different methods:
- base64 is an encoding scheme to represent binary data in ASCII string (http://en.wikipedia.org/wiki/Base64)
- MD5 is a hashing function (http://en.wikipedia.org/wiki/MD5)

From base64 encoded string you can get original data. From MD5 hash you can't get original data.

For encryption you should use methods such as DES (3DES) or AES.
0
 
dsmileCommented:
0
 
benschwartzConnect With a Mentor Commented:
php's built in library mcrypt is a good place to start:

http://php.net/manual/en/book.mcrypt.php
0
 
Gaute RønningenOwner, DeveloperAuthor Commented:
@Blaz:
Yes, I know - I only need a way of hiding some strings from our regular users. No real 'encryption' needed, just 'cloaking'. Do you know if DES or AES is built-in into PHP and if there are any classes available for VBA for them?

@dsmile:
Looks interesting, but will have to come back to it if we decide to go for MD5.

@benschwartz:
I see. I'll look into it.
0
 
benschwartzConnect With a Mentor Commented:
As blaz said, md5 is a hash and base64 is just an encoding scheme. Neither are suitable as encryption.

A hash is inherently one way, meaning you can never get back to the initial input (This is good if you don't want to store a password: store the md5 hash of the password in the database and when the user attempts to log in later, md5 their password attempt and compare to the store md5. This makes sure nobody (the DBA included) can ever recover the password in plain text).

base64 encoding isn't really encrypting, just format conversion. A similar conversion would be to accept an ascii input and store it as utf8. base64 encoding is just for things like including binary data in a context where only text is accepted.

AES is the defacto standard for encryption, and php mcrypt library provides a rhobust & easy to use interface for implementing it. I would recommend going with this.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.