> Roll your own encryption. I remember awhile back some
> posted their algorithm for encryption in CF, and it
> seemed pretty solid. If you use your own encryption
> scheme, it would be a lot harder for a hacker to decrypt
> the CC number.

Yikes! I'd strongly recommend against writing your own encryption algorithms, unless you're Bruce Schneier or the like. A good, publicly-examined algorithm is your best bet. There's a reason why the government takes so long to approve an encryption algorithm - public examination by experts is the best way to find flaws within the algorithm.

Here's a good quote on the subject:

http://www.counterpane.com/crypto-gram-9810.html#cipherdesign

> Using a public standard (like cfencrypt) is not a
> very good solution.

The problem with CFENCRYPT isn't that it's a public standard, but rather that it uses a relatively weak encryption strength (that, along with the fact that the key is probably stored somewhere within the application code or environment).

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
voice: (202) 797-5496
fax: (202) 797-5444