Hi! On Nov 20, William R. Mussatto wrote: > On Tue, 20 Nov 2001, Ken Kinder wrote: > > > Date: Tue, 20 Nov 2001 08:41:20 -0700 > > From: Ken Kinder <[EMAIL PROTECTED]> > > To: Thomas Kotze` <[EMAIL PROTECTED]>, [EMAIL PROTECTED] > > Subject: Re: MySQL and encryption > > > > I would like to know if anyone has some advice on encrypting credit cards > > myself, as it's something I'm going to be needing to look into for my own > > purposes. > I've used the Crypt::CBC > process in perl. > One thing to remember, if you expose the kind of credit card (e.g., > discover) in another column then at least the 1st digit if not the first > four digits are known so breaking it is not impossible; however, with a > truely random key and a cypher system like twofish or blowfish you should > be relatively safe. Of course if they completely hack the box its a lost > cause since they can find both the code which specifies the method and > the key.
And if they don't, you need not this compression at all. It means that if you want to have _some_ data in the database encrypted, most probably, you have made wrong design decision. (If you want to encrypt _all_ the data - use cryptfs for files and ssl for the traffic). Regards, Sergei -- MySQL Development Team __ ___ ___ ____ __ / |/ /_ __/ __/ __ \/ / Sergei Golubchik <[EMAIL PROTECTED]> / /|_/ / // /\ \/ /_/ / /__ MySQL AB, http://www.mysql.com/ /_/ /_/\_, /___/\___\_\___/ Osnabrueck, Germany <___/ --------------------------------------------------------------------- Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail <[EMAIL PROTECTED]> To unsubscribe, e-mail <[EMAIL PROTECTED]> Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
