[GENERAL] 3des key lengths and key management

2009-07-23 Thread bulk
I am working for a small company that is going through a PCI DSS audit. The auditor wants to know how long the key lengths are for the fields that we have encrypted with pgcrypto 3des. I am by no means an expert in cryptology, so I am struggling with what to tell him? I've done a

Re: [GENERAL] 3des key lengths and key management

2009-07-23 Thread Greg Stark
On Thu, Jul 23, 2009 at 6:11 PM, bulkb...@bohlman.org wrote: 1)   What are the default 3des key lengths when you load postgresql enterprise db on a redhat ES x86_64 box? Traditionally 3des can use either 112-bit or 56-bit keys. I think the openssl interface actually lets you set the third key

Re: [GENERAL] 3des key lengths and key management

2009-07-23 Thread Steve Atkins
On Jul 23, 2009, at 10:11 AM, bulk wrote: I am working for a small company that is going through a PCI DSS audit. securitymetrics.com? (They seem to be the low bidder, with everything that implies. They asked me to open up my firewall to them, pointing at a fake server, just so they'd

Re: [GENERAL] 3des key lengths and key management

2009-07-23 Thread Steve Atkins
On Jul 23, 2009, at 12:11 PM, Steve Atkins wrote: 4) Is it possible to compile C or Java code that will allow me to be the only one who knows the pass-key but allow other users to encrypt/decrypt data? Yes, that's asymmetric cryptography, using something like DSA. Oops. Missed the

Re: [GENERAL] 3des key lengths and key management

2009-07-23 Thread Christophe
On Jul 23, 2009, at 12:11 PM, Steve Atkins wrote: They asked me to open up my firewall to them, pointing at a fake server, just so they'd have something to audit, after failing our audit because we only allowed access to the application from inside our firewall. I'm glad it wasn't just