Hi, this is more of a question for people like Wendell than Logan (No offence meant Logan but I just think Wendell knows more about this than you).
I was looking for ways to encrypt all data that is going to be entered by users on a website and saved on a database table. And later read using the decryption key for viewing. I was thinking about storing the encryption and decryption keys on a server that is only accessible from the web server IP where the site will be hosted. That way it is a lot safer than having it on the same server, well I think it is safer. This is where you come in.
First, I want to know which algorithm is best for encrypting the text before storing it in the database and how it is going to impact the performance of the site.
Secondly, is storing the key on a separate server just dumb. And if not how is it going to affect the site performance. Is it going to be noticeable? (Note: The network connection b/n the two servers is going to be as fast as possible).
You might be asking yourself why are you doing this? Basically I don’t want a person to have access to any of the data stored in the database and even if they get it I want it to be encrypted so it is not plain text. If you know of a better way to do this, please mention it below.
The only thing encrypting your data at the database level will accomplish is protecting the data if someone physically steals the machine. When the application is running it must know how to descrypt the data, meaning if its hacked while its on (the most likely scenario) your data isn't protected.
That being said, what you would use on Linux is an encrypted container (a file that acts like a filesystem) making the encryption process transparent to the database. Check into dm-crypt/LUKS
I don't store keys on any server, you don't do that, they must be entered at boot time to decrypt the container before the database is started.
I belive md5 hashing is in a built in library of php. You can try that. the encryptiom key should reside to the webserver, since encrypted data is decrypted on the fly once accessed.
Basically i have all tings figured out for the most part, I am using hashing for the login info and encryption on the physical drive as suggested by @rubley. Thanks everyone for your input and suggestions.