php - Should I encrypt email addresses?

Question

When users register, should I store their email in the db as is or hash it. I want to be able to decrypt it later, so should I use md5?

thank you!

Answer 1

When you use md5 you won't be able to decrypt it. md5 is a one-way-hash function.

Answer 2

If you intend to decrypt them later,MD5 won't be an option, since it only hashes strings, you lose the original data.

I suggest you try some of the built-in PHP encryption functions for that.

Answer 3

No, md5() - is one-way hash function. You can't decrypt its value. Usually it used for passwords which don't need to be decrypted. Instead you compare hashes like:

$salt = "adding some secret to increasse security";
if (md5($user_password . $salt) == $user_password_hash_from_db) {
    ## password is ok
}

If you want to be able to decrypt your value, then use crypt php function instead. But it may require additional modules to be installed.

Any way I don't see any practical reason to crypt email.

Answer 4

The other answers say it all.

However, you should always encrypt hash passwords with at least md5() and a salt, as pointed out in Ivan's reply.

Answer 5

It's not common to encrypt email addresses. If someone really want to keep their email private, they wouldn't give it to your site in the first place :)

Answer 6

MD5 is an hash, which makes it allmost inpossible to get the original value back. You should use an encryption instead of an hash if you want to get the email back.