in reply to Encrypting Credit card numbers
I freely admit that I have no experience encrypting sensitive data, but as I read through the responses on this thread, a rather queer idea occurred to me:
Would would everyone think of a system whereby the user chooses a password when then enter their CC#. On the server, that password in encrypted using crypt() or some similar one-way encryption, and then the line of gibberish that is the encrypted password is used as the key for the encryption on the actual CC#. That way, the numbers can be stored on the server, while the keys aren't.
Would something like this work?
Spacewarp
DISCLAIMER:
Use of this advanced computing technology does not imply an endorsement
of Western industrial civilization.
Would would everyone think of a system whereby the user chooses a password when then enter their CC#. On the server, that password in encrypted using crypt() or some similar one-way encryption, and then the line of gibberish that is the encrypted password is used as the key for the encryption on the actual CC#. That way, the numbers can be stored on the server, while the keys aren't.
Would something like this work?
Spacewarp
DISCLAIMER:
Use of this advanced computing technology does not imply an endorsement
of Western industrial civilization.
|
---|
Replies are listed 'Best First'. | |
---|---|
Re: Re: Encrypting Credit card numbers
by turnstep (Parson) on Apr 23, 2001 at 15:25 UTC | |
Re: Re: Encrypting Credit card numbers
by petethered (Pilgrim) on Apr 23, 2001 at 08:45 UTC |
In Section
Meditations