Adam/Lowell:

Thanks for the suggestions - but like all clients - they want maximum
function for minimum $$ - encoders are therefore not a possibility (but I
will keep that in mind for future apps :))

Thanks.

On 1/30/03 9:55 AM, "Adam Voigt" <[EMAIL PROTECTED]> wrote:

> http://www.ioncube.com/
> 
> Encrypt PHP scripts (they're pretty cheap too).
> 
> On Thu, 2003-01-30 at 09:30, Mike Morton wrote:
> I want to use the mcrypt functions to encrypt credit card numbers for
> storage in a mysql database, which mcrypt does admirably:
> 
> $key = "this is a secret key";
> $input = "Let us meet at 9 o'clock at the secret place.";
> $iv = mcrypt_create_iv (mcrypt_get_iv_size (MCRYPT_RIJNDAEL_256,
> MCRYPT_MODE_CBC), MCRYPT_RAND);
> 
> $encrypted_data = base64_encode(@mcrypt_encrypt (MCRYPT_RIJNDAEL_256 , $key,
> $input, MCRYPT_MODE_CBC,$iv));
> 
> The trouble is - the key and the IV.  Both of these have to be available in
> the merchant's administration for retrieval of the credit card, thus need to
> be stored somewhere - most likely on the server or in a database.  Here is
> the problem - if someone gets to the database and retrieves the encrypted
> credit card, the chances are that they are able to also retrieve the script
> that did the encryption, thus find out where the key and IV are stored,
> making it simple to decrypt the credit card for them.
> 
> The only solution that I can see is to use an asymmetric encryption and have
> the merchant enter the decryption key at the time of credit card retrieval -
> but that is unrealistic from a User Interface point of view.
> 
> So - the only other thing that I can see to do is have a compiled program,
> bound to the server, that has the key compiled into the program.  I am not a
> C programmer - so this is also not exactly possible.
> 
> Does anyone else have any answers or has anyone else run into this?  Is this
> just a general problem with doing encryption through PHP as opposed to a
> compiled binary?  Can anyone suggest a solution to this problem?
> 
> Thanks :) 
> 
> 
> 


--
Cheers

Mike Morton

****************************************************
*
*  E-Commerce for Small Business
*  http://www.dxstorm.com
*
* DXSTORM.COM
* 824 Winston Churchill Blvd,
* Oakville, ON, CA L6J 7X2
* Tel: 905-842-8262
* Fax: 905-842-3255
* Toll Free: 1-877-397-8676
*
****************************************************

"Indeed, it would not be an exaggeration to describe the history of the
computer industry for the past decade as a massive effort to keep up with
Apple."
- Byte Magazine

Given infinite time, 100 monkeys could type out the complete works of
Shakespeare. Win 98 source code? Eight monkeys, five minutes.
-- NullGrey 
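
The asymmetric approach raised in the quoted message, as an added example that is not part of the original thread: the web server holds only a public key, so a copy of the database plus the scripts is not enough to decrypt. It assumes PHP's sodium extension (bundled since PHP 7.2, the release that removed mcrypt); `encrypt_card` and `decrypt_card` are hypothetical names.

```php
<?php
declare(strict_types=1);
// Added example, not from the thread. Requires the sodium extension.

// Web server side: holds ONLY the public key, so it can encrypt but never decrypt.
function encrypt_card(string $pan, string $publicKey): string
{
    // A sealed box uses a fresh ephemeral key per message: no IV to store alongside.
    return base64_encode(sodium_crypto_box_seal($pan, $publicKey));
}

// Merchant side: needs the full key pair, supplied only at retrieval time.
function decrypt_card(string $stored, string $keypair): string
{
    $cipher = base64_decode($stored, true);
    if ($cipher === false) {
        throw new RuntimeException('stored value is not valid base64');
    }
    $plain = sodium_crypto_box_seal_open($cipher, $keypair);
    if ($plain === false) {
        throw new RuntimeException('decryption failed: wrong key or modified ciphertext');
    }
    return $plain;
}

// One-time setup, done away from the web server; only $publicKey is deployed.
$merchantKeypair = sodium_crypto_box_keypair();
$publicKey       = sodium_crypto_box_publickey($merchantKeypair);

$pan    = '4111111111111111';               // constructed test number, not a real card
$stored = encrypt_card($pan, $publicKey);   // this string is what goes into MySQL
echo "stored:    $stored\n";
echo "decrypted: " . decrypt_card($stored, $merchantKeypair) . "\n";

// A copy of the database AND the scripts yields the public key only.
// A key pair generated by anyone else fails to open the record.
try {
    decrypt_card($stored, sodium_crypto_box_keypair());
} catch (RuntimeException $e) {
    echo "wrong key: " . $e->getMessage() . "\n";
}

sodium_memzero($merchantKeypair);           // wipe the secret from memory when done
```

How the merchant supplies the key pair at retrieval time (a key file on the admin workstation, a passphrase-protected key, a separate admin host) is the user-interface question the message raises and is left open here.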
