Solved

Encryption Methods: Compatibility with both PHP and VBA

Posted on 2010-11-22
5
1,292 Views
Last Modified: 2012-08-13
Hi experts,

I'm creating a routine that needs some encryption to store license information. I'm currently using a Base64 encryption method which is available in both PHP and VBA (with an added class). I'm currently looking into other encryption methods though - as I think that Base64 might be a little too easy to 'crack'. I was thinking to maybe add a MD5 encryption with a salt, but I have no idea if there's any VBA classes for MD5.

If anyone have any experience on the subject or could point me in the right direction, that would be great.

Regards,
eX.
0
Comment
Question by:Gaute Rønningen
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 16

Accepted Solution

by:
Blaz earned 300 total points
ID: 34188647
First you need to understand that nor base64 nor MD5 is NOT encryption and they are totally different methods:
- base64 is an encoding scheme to represent binary data in ASCII string (http://en.wikipedia.org/wiki/Base64)
- MD5 is a hashing function (http://en.wikipedia.org/wiki/MD5)

From base64 encoded string you can get original data. From MD5 hash you can't get original data.

For encryption you should use methods such as DES (3DES) or AES.
0
 
LVL 13

Expert Comment

by:dsmile
ID: 34190109
0
 
LVL 2

Assisted Solution

by:benschwartz
benschwartz earned 200 total points
ID: 34190985
php's built in library mcrypt is a good place to start:

http://php.net/manual/en/book.mcrypt.php
0
 

Author Comment

by:Gaute Rønningen
ID: 34231218
@Blaz:
Yes, I know - I only need a way of hiding some strings from our regular users. No real 'encryption' needed, just 'cloaking'. Do you know if DES or AES is built-in into PHP and if there are any classes available for VBA for them?

@dsmile:
Looks interesting, but will have to come back to it if we decide to go for MD5.

@benschwartz:
I see. I'll look into it.
0
 
LVL 2

Assisted Solution

by:benschwartz
benschwartz earned 200 total points
ID: 34239754
As blaz said, md5 is a hash and base64 is just an encoding scheme. Neither are suitable as encryption.

A hash is inherently one way, meaning you can never get back to the initial input (This is good if you don't want to store a password: store the md5 hash of the password in the database and when the user attempts to log in later, md5 their password attempt and compare to the store md5. This makes sure nobody (the DBA included) can ever recover the password in plain text).

base64 encoding isn't really encrypting, just format conversion. A similar conversion would be to accept an ascii input and store it as utf8. base64 encoding is just for things like including binary data in a context where only text is accepted.

AES is the defacto standard for encryption, and php mcrypt library provides a rhobust & easy to use interface for implementing it. I would recommend going with this.
0

Featured Post

Enroll in June's Course of the Month

June's Course of the Month is now available! Every 10 seconds, a consumer gets hit with ransomware. Refresh your knowledge of ransomware best practices by enrolling in this month's complimentary course for Premium Members, Team Accounts, and Qualified Experts.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you thought ransomware was bad, think again! Doxware has the potential to be even more damaging.
Do you use a spreadsheet like Microsoft's Excel?  Have you ever wanted to link out to a non excel file on your computer or network drive?  This is the way I found to do it!
This Micro Tutorial will demonstrate on a Mac how to change the sort order for chart legend values and decrpyt the intimidating chart menu.
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

691 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question