

Class for storing personal details, inc. bank account info, in PHP (Mcrypt) - is this ok? How could it be improved?

I've been given the task of writing an encryption function that'll let my boss easily encrypt various bits of data to go into a database. This will include credit card details bank account information. I've never used encryption within PHP before so am a touch worried.

Here's what I've done so far with the help of O'Reilly's Essential PHP Security: http://pastebin.com/7L2GxPNJ

The IV doesn't actually seem to do anything, which concerns me. Why's that?

Would appreciate it very much if someone could look through this code and check it out. I've spoken to a friend who reckons it'd be better off written as a daemon on another server that PHP would then connect to, however that can't be done yet - I'm just following orders.

For the moment, are there any improvements that could be made? What's the deal with the IV?

Thanks.

The IV doesn't actually seem to do anything, which concerns me. Why's that?

An initialization vector is rather important - particularly when encrypting lots of small fragments of data. Something is amiss if the encrypted data is not modified by the IV. And if you're storing the encryption key on the same filesystem as the encrypted data, it's just security by obscurity.
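The check the answer describes (the IV must change the ciphertext) can be run directly. This is an added example, not the asker's pastebin code: it uses PHP's OpenSSL extension in place of Mcrypt, which was removed from core in PHP 7.2, and the function names, key and sample values are constructed for illustration. ECB is included only as the well-known case of a mode that takes no IV.

```php
<?php
// Added example: verify that a fresh IV per value changes the stored ciphertext.
// Function names, key and sample data are hypothetical/constructed.

function encryptField(string $plaintext, string $key, string $cipher): string
{
    $ivLen = openssl_cipher_iv_length($cipher);        // 0 for ECB, 16 for AES-CBC
    $iv    = $ivLen > 0 ? random_bytes($ivLen) : '';   // new random IV for every value
    $ct    = openssl_encrypt($plaintext, $cipher, $key, OPENSSL_RAW_DATA, $iv);
    if ($ct === false) {
        throw new RuntimeException('encryption failed: ' . openssl_error_string());
    }
    return $iv . $ct;   // the IV is not secret; store it in front of the ciphertext
}

function decryptField(string $blob, string $key, string $cipher): string
{
    $ivLen = openssl_cipher_iv_length($cipher);
    $iv    = substr($blob, 0, $ivLen);                 // recover the IV stored with the value
    $pt    = openssl_decrypt(substr($blob, $ivLen), $cipher, $key, OPENSSL_RAW_DATA, $iv);
    if ($pt === false) {
        throw new RuntimeException('decryption failed');
    }
    return $pt;
}

// The check: encrypting the same value twice must not produce the same bytes.
// If it does, equal database fields are visible as equal ciphertexts.
function ivChangesOutput(string $cipher, string $key): bool
{
    $sample = 'ACCT 00000000 SORT 00-00-00';           // constructed sample value
    return encryptField($sample, $key, $cipher) !== encryptField($sample, $key, $cipher);
}

$key = random_bytes(32);   // constructed key; in practice loaded from outside the data store
foreach (['aes-256-ecb', 'aes-256-cbc'] as $cipher) {
    printf("%s: IV changes ciphertext? %s\n",
        $cipher, ivChangesOutput($cipher, $key) ? 'yes' : 'NO');
}

// Round trip with the IV-prefixed format.
$blob = encryptField('sample value', $key, 'aes-256-cbc');
assert(decryptField($blob, $key, 'aes-256-cbc') === 'sample value');
```

CBC is used here only to show the effect of the IV; on its own it gives no integrity check on the stored value.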
