On 11/20/01 at 6:22 PM, Sergei Golubchik wrote:

> Hi!
>
> On Nov 20, William R. Mussatto wrote:
> > On Tue, 20 Nov 2001, Ken Kinder wrote:
> >
> > > Date: Tue, 20 Nov 2001 08:41:20 -0700
> > > From: Ken Kinder <[EMAIL PROTECTED]>
> > > To: Thomas Kotze` <[EMAIL PROTECTED]>, [EMAIL PROTECTED]
> > > Subject: Re: MySQL and encryption
> > >
> > > I would like to know if anyone has some advice on encrypting credit cards
> > > myself, as it's something I'm going to be needing to look into for my own
> > > purposes.
> > I've used the Crypt::CBC
> > process in perl.
> > One thing to remember, if you expose the kind of credit card (e.g.,
> > discover) in another column then at least the 1st digit if not the first
> > four digits are known so breaking it is not impossible; however, with a
> > truly random key and a cypher system like twofish or blowfish you should
> > be relatively safe. Of course if they completely hack the box it's a lost
> > cause since they can find both the code which specifies the method and
> > the key.
>
> And if they don't, you need not this compression at all.
>
> It means that if you want to have _some_ data in the database encrypted,
> most probably, you have made wrong design decision.
> (If you want to encrypt _all_ the data - use cryptfs for files and
> ssl for the traffic).
I think it is worth encrypting some data in a database since it reduces the possibility that an accidental exposure is going to compromise your customers. If no data in the database is encrypted then someone who gets hold of a backup or manages to get into the database through a network connection can see the sensitive data. If the data is encrypted then they also have to find the key, determine the algorithm, etc.

If the key and algorithm are not stored in the database, for example if they are stored in the server-side code of your Web pages, then they need to gain access not just to the database, but also to the code of your Web pages in order to compromise the security of the sensitive data in the database.

This is the reason why backups might be placed in a safe within a locked server room within a secure building. Maybe the combination to the safe is written down in the manager's desk, but it requires several steps and several keys to get to the sensitive data. The compromise of one key is not sufficient.

In any case, it is never sufficient to assume that simply encrypting some data makes it secure. You need to think about the security of the network between machines on your LAN, the security of your backups, the security of your administration tools, etc.

Also, you need to think about how you'll get to the secured data in the future if you need to. What happens if you lose the key that was used to encrypt the data?

[fletcher]
--
Fletcher Sandbeck [EMAIL PROTECTED]
Lasso Product Specialist [EMAIL PROTECTED]
Blue World Communications, Inc. http://www.blueworld.com/