Beefy Boxes and Bandwidth Generously Provided by pair Networks
XP is just a number
 
PerlMonks  

Re: Encrypting strings with more than 8 bytes.

by diotalevi (Canon)
on Jan 13, 2006 at 05:43 UTC ( [id://522894]=note: print w/replies, xml ) Need Help??


in reply to Encrypting strings with more than 8 bytes.

Since you're encrypting credit cards, Crypt::CreditCard would be the right (and easy) way to do this.

⠤⠤ ⠙⠊⠕⠞⠁⠇⠑⠧⠊

Replies are listed 'Best First'.
Re^2: Encrypting strings with more than 8 bytes.
by tirwhan (Abbot) on Jan 13, 2006 at 07:26 UTC

    Though Crypt::CreditCard looks like a good approach, the only versions availabe on CPAN are developer releases and the perldoc explicitly states it is not intended for production use at this point.

    Unless you want to display the credit card number back to the user at some point (which does not sound like good practice to me) you may want to look into using an asymmetric encryption method (such as GPG) for credit card numbers. This ensures that the numbers cannot be stolen even if both your database and the public key you use to encrypt the data have been compromised (providing you keep the private key off-site and safe).


    There are ten types of people: those that understand binary and those that don't.

      I ddidn't read the pod closely enough to see the warnings but did notice that it was accepting some kind of keys and I vaguely guessed it was doing something asymetric. Maybe not. It's what Andre should be using: it leaves things safe on the public computer.

      [Added; My language wasn't clear. "It" in "It's what Andre should be using" referred to something assymetric like gpg. I was agreeing with whoever it was that I was responding to.]

      ⠤⠤ ⠙⠊⠕⠞⠁⠇⠑⠧⠊

        No, Crypt::CreditCard uses AES, which is a symmetric cipher. But it cleverly uses the user password as part of the encryption process (and ideally that password should not be available to the system unless the user is logged on), so it's a good method to use when you need access to the credit card number from the website with user interaction.

        Still, given that it's marked as non-production I would say Andre should not use it unless he's not intending his system to go into production.


        There are ten types of people: those that understand binary and those that don't.
Re^2: Encrypting strings with more than 8 bytes.
by thor (Priest) on Jan 13, 2006 at 15:43 UTC
    Since you're encrypting credit cards
    Sometimes I miss things, but where did the OP say anything about credit cards?

    thor

    The only easy day was yesterday

      He or she said that in the chatterbox.

      ⠤⠤ ⠙⠊⠕⠞⠁⠇⠑⠧⠊

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?
Node Status?
node history
Node Type: note [id://522894]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others wandering the Monastery: (5)
As of 2024-03-29 10:54 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found