I'm working on a CMS system and I want to add a feature to protect user's data. Of course passwords are hashed and could only be decoded using brute forcing. But now it's about the rest of the data, for example their mail address. I would like to have a function which encodes a mail address when a user registers which could be decoded each time a mail should be send. Now the problem with hashing is that you can't easily convert it back (I think), at least with md5 and sh1 and similar algorithms this is not possible so this is not what I want.
I would like to have a feature that salt could be used in the en- and decoding process. This means that I have a random string stored somewhere in the web aplication, which is used as 'seed' or 'salt' for this process, so the result will be different if that random string is different, this makes it harder to decode once hackers (for example) broke into the database and stole the data.
I saw a function in PHP called base64_encode() and base64_decode(), these functions can en- and decode the data very easy. The problem with these functions is that there's no 'salt' parameter and I don't think it's very good as protection. Is there's a function which does something similair with more protection with a en- and decode feature, and with a salt parameter?
Thanks in advance, Tim Visée