Originally posted here by PuReExcTacy
[B]The benefit to using blowfish over md5 is that for one, it's a higher level of encryption.
They cannot be compared. It's apples and oranges. Md5 is a hashing algorithm, blowfish is a symmetric cipher. They do different things.

Md5 is only one way hash, which wouldn't help you if you are trying to legitimately retrieve data.
Absolutely!

Blowfish actually uses a negligible amount of cpu power.
I don't think you can meaningfully make that assertion without some context. For example

- Blowfish uses a neligible amount of CPU power, for encrypting / decrypting a short string on a PHP page

Obviously encrypting your entire hard disc using Blowfish (or any other cipher) may not use a "negligible" amount of CPU power.

The question I want to ask is:

- Why encrypt data on a web server if you're not sending it anywhere?
- If you can't trust your machine's own hard disc, you shouldn't be storing sensitive data, encrypted or not - an attacker with access to it can easily find the key to decrypt it, or modify your scripts so they collect data and store it unencrypted
- If your web site runs over HTTP on an untrusted network (example: the internet), why bother encrypting stuff on your HD as the network is obviously much less secure
- Why didn't you mention HTTPS?

Slarty