Comment Asymmetric + Password Based Encryption (Score 1) 386

Firstly, don't store cc info longer than you need to.

A technique that I have used before is to generate public & private keys. Encrypt (e.g. DESWithMD5) the private key with a long passphrase (*not* password) and, for extra security, store it on an inaccessible machine. The passphrase should be at least 20 (maybe even more) characters, otherwise the password won't have enough entropy to be useful.

In your server process, for each new encryption generate a new symmetric key (e.g. 3DES) and encrypt the credit card info with the symmetric key, then encrypt the symmetric key with the public key. Store both the cc info and the encrypted symmetric key in the DB. (It is important to have the intermediate step because CC numbers often start with the same digits.)

Now, when you start your offline process or any program that needs to access the cc info (preferably on another machine), you'll need to specify the passphrase for the secret key, so that the secret key can be decrypted.

Et voilà!
