Question

I currently store a considerable amount of information for our internal systems in a MySQL Database. This includes SSH/Remote Desktop passwords, IPMI passwords, etc. For the sake of time during development, I just stored these as plain text as no one had access to it, however now that this is to be used by a few of our team members, I need to increase the security some.

From my understanding, it does not sound like the actual encrypted/hashed text can be converted back to plain text with some/most of these options.

I don't necessarily need state of the art security, I just want to make sure these passwords are not stored in plain text in the Database (but I need to be able to convert it back to plain text on the fly). Can this be done with MD5/SHA1/etc?

Solution

You can't use hashing algorithms like MD5, but you could use e.g. AES_ENCRYPT because you need lossless encryption.

For decryption use AES_DECRYPT() of course.

Other tips

MD5/SHA are one-way hashes, you cannot convert back. Ideal would be to store the hash of the password, not the password itself.

In your case, you could use mcrypt_encrypt().

I won't recommend MD5/SHA1, since weak passwords can be retrieved from their hashes using matching tools. I recommend salted hashing with SHA-256 or SHA-512 when storing passwords in the database. The hashed password cannot be taken back to plain text and you have to match the hashes while checking.

If you want to retrieve your password in plain text, you can use encryption. Symmetric encryption like AES-256 can be used in which you have a key for encrypting and decrypting the password.
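
The reversible AES storage suggested in the answers above, as an added example that is not part of the original posts. The table, column and variable names, the host name and the passphrase are assumptions made for illustration; it needs MySQL 5.6.17 or later for the IV argument and `block_encryption_mode`.

```sql
-- Added example: names and sample values below are constructed, not from the page.

-- AES_ENCRYPT() defaults to aes-128-ecb, which ignores the IV and encrypts
-- identical passwords to identical ciphertext. Pick a mode that uses an IV.
-- Set this on every connection that encrypts or decrypts.
SET SESSION block_encryption_mode = 'aes-256-cbc';

CREATE TABLE device_credentials (
    id         INT UNSIGNED AUTO_INCREMENT PRIMARY KEY,
    host       VARCHAR(255)   NOT NULL,
    service    VARCHAR(32)    NOT NULL,   -- e.g. 'ssh', 'rdp', 'ipmi'
    username   VARCHAR(64)    NOT NULL,
    iv         BINARY(16)     NOT NULL,   -- fresh per row; not secret
    secret_enc VARBINARY(272) NOT NULL    -- ciphertext is binary, not text
);

-- The key must come from the application (config or secret store), never
-- from a table in the same database. Placeholder passphrase shown here.
-- Note: statements carrying the key can end up in the general or binary log.
SET @key = UNHEX(SHA2('PLACEHOLDER-passphrase-from-app-config', 256));

-- Encrypt on write with a new random IV for each stored secret.
SET @iv = RANDOM_BYTES(16);
INSERT INTO device_credentials (host, service, username, iv, secret_enc)
VALUES ('bmc01.example.internal', 'ipmi', 'admin', @iv,
        AES_ENCRYPT('constructed-sample-password', @key, @iv));

-- Decrypt on read using the row's own IV. AES_DECRYPT() returns binary,
-- so cast it back to a character string for display.
SELECT host, service, username,
       CAST(AES_DECRYPT(secret_enc, @key, iv) AS CHAR) AS secret_plain
FROM   device_credentials
WHERE  host = 'bmc01.example.internal';

-- With the wrong key the result is normally NULL (bad padding), but it can
-- also be unreadable bytes, so treat NULL as "failed", not as the only signal.
SET @wrong = UNHEX(SHA2('some-other-passphrase', 256));
SELECT AES_DECRYPT(secret_enc, @wrong, iv) IS NULL AS decrypt_failed
FROM   device_credentials
WHERE  host = 'bmc01.example.internal';
```

Anyone who can read both the table and the key can recover every password, so restricting who can obtain the key matters as much as encrypting the column.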

License: CC-BY-SA with attribution
Not affiliated with StackOverflow