php - Should I encrypt email addresses?

Question

When users register, should I store their email in the db as is or hash it. I want to be able to decrypt it later, so should I use md5?

thank you!

Answer 1

I agree that emails are a (minor) information security issue, since that becomes personal information that you've let out into the world if someone gets access to your database, but you'll be wanting a two-way encryption/decryption method to be able to pull the emails back out, as Ivan has mentioned.

Just be aware that basic MD5 hashing is no longer a secure hash.

As wikipedia says in many different ways, no longer secure ( http://en.wikipedia.org/wiki/MD5 ):

US-CERT of the U. S. Department of Homeland Security said MD5 "should be considered cryptographically broken and unsuitable for further use,"[7] and most U.S. government applications will be required to move to the SHA-2 family of hash functions by 2010.[8]

I think one major problem with it is that there are rainbow tables of md5 hashes all over these days, so bare md5 is very susceptible to brute forcing.

Consider it a useful tool for minor obsfucation and sanitizing complex data sets, but it is not a truly secure hash any more. There may be special hoops that you can jump through like both using a salt and performing nested md5 hashings to make it more secure, though I'm no cryptographer. You might want to check out other SO threads like this one for good overall encryption solutions.

Answer 2

md5 isn't an encryption method it's a one way hash. There's no reason to encrypt email addresses in the database. I would leave them as is.