Two-way encryption: I need to store passwords that can be retrieved

Question

I am creating an application that will store passwords, which the user can retrieve and see. The passwords are for a hardware device, so checking against hashes are out of

Answer 1

1. The PHP function you are after is Mcrypt (http://www.php.net/manual/en/intro.mcrypt.php).

The example from the manual is slightly edited for this example):

You would use mcrypt_decrypt to decrypt your password.

2. The best algorithm is rather subjective - ask 5 people, get 5 answers. Personally if the the default (Blowfish) isn't good enough for you, you probably have bigger problems!

3. Given that it is needed by PHP to encrypt - not sure you can hide it anywhere - welcome comments on this. Standard PHP best coding practices apply of course!

4. Given that the encryption key will be in your code anyway, not sure what you will gain, providing the rest of your application is secure.

5. Obviously, if the encrypted password and the encryption key are stolen, then game over.

I'd put a rider on my answer - I'm not a PHP crypto expert, but, I think what I have answered is standard practice - I welcome comments other may have.