I have found a nice basic cipher class which I am now using to convert all plain-text passwords in my MySQL Database. Currently the rows containing passwords are varchar(64) but I believe they should be converted to char(128). Can anyone confirm that 128 length will be long enough for the encrypted hash returned by this class?
I see it hashes the key with sha256 but uses MCRYPT_RIJNDAEL_128 so I am not sure if I need to make the length char(128) or char(256)
<?php
class Cipher
{
private $securekey;
private $iv_size;
function __construct($textkey)
{
$this->iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC);
$this->securekey = hash('sha256', $textkey, TRUE);
}
function encrypt($input)
{
$iv = mcrypt_create_iv($this->iv_size);
return base64_encode($iv . mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $this->securekey, $input, MCRYPT_MODE_CBC, $iv));
}
function decrypt($input)
{
$input = base64_decode($input);
$iv = substr($input, 0, $this->iv_size);
$cipher = substr($input, $this->iv_size);
return trim(mcrypt_decrypt(MCRYPT_RIJNDAEL_128, $this->securekey, $cipher, MCRYPT_MODE_CBC, $iv));
}
}
?>
Can anyone confirm that 128 length will be long enough for the encrypted hash returned by this class?
Maybe? Run some tests. Look at the documentation.
Currently the rows containing passwords are varchar(64) but I believe they should be converted to char(128).
Keep them as VARCHAR, change the length to 255. VARCHARS are stored in the backend as the string, plus one or two bytes to denote the length. One byte for 1 to 255, two bytes for 256-65535.
eg:
A VARCHAR(255) containing the word "butts" comprises 6 bytes of storage in the back end.
A CHAR(128) containing the word "butts" comprises 128 bytes of storage in the back end.