in reply to Encrypting Credit card numbers
I freely admit that I have no experience encrypting sensitive data, but as I read through the responses on this thread, a rather queer idea occurred to me:
What would everyone think of a system whereby the user chooses a password when they enter their CC#? On the server, that password is encrypted using crypt() or some similar one-way encryption, and then the line of gibberish that is the encrypted password is used as the key for the encryption on the actual CC#. That way, the numbers can be stored on the server, while the keys aren't.
Would something like this work?
Spacewarp
DISCLAIMER:
Use of this advanced computing technology does not imply an endorsement
of Western industrial civilization.