I'm building a quick site with CodeIgniter and currently I'm making use of the CI 'encrypt' library. Reading through here it sounds like I just throw on a quick:
$this->encrypt->encode($secret_data);
and do this when you want to use it:
$this->encrypt->decode($encripted_string);
Then the magic of CI and Mcrypt do the rest.
Well I'm not sure I can sleep without knowing what is going on in the background. So I have two questions...
How is this working? Or is there a good resource to explain to me how this is working that I can read up on it?
Is this generally thought of as a safe way to encrypt data? If not where else should I be looking.
1. How is it working:
codeigniter 2.x
The CodeIgniter Encryption Class provides a two-way keyed encoding using XOR Hashing and Mcrypt.
interesting about XOR Hashing: https://stackoverflow.com/a/27952689/2275490
the php manual about Mcrypt: http://php.net/manual/en/book.mcrypt.php
Also you might want to check in system->libraries for the encrypt.php file and discover what it does.
codeigniter 3.x
Provides two-way keyed encoding using Mcrypt
the php manual about Mcrypt: http://php.net/manual/en/book.mcrypt.php the CI manual: http://www.codeigniter.com/userguide3/libraries/encryption.html
2. thought as safe way to encrypt data:
that's opinion based, I think definitely yes for a "quick site"