[ic] Credit Card numbers Stored Encrypted in SQL Database - No Answer Yet

Dan B db@cyclonehq.dnsalias.net
Wed, 25 Apr 2001 15:40:55 -0700

At 02:15 PM 4/25/2001 -0600, you wrote:
>So, correct me if I'm wrong, but because of the RH takeover, IC looses
>functionality?  There is ZERO risk involved with storing CC#'s on disk if
>they're ENCRYPTED, Which is precisely what I'm trying to do.  It worked just
>fine in MV....

"ZERO"?  And where is your private key located?  If they get access to your 
disk (and/or database), and get both the "encrypted" credit card numbers 
*and* your private key, how hard of a time will they have cracking your 

Even without your private key, Beowulf clusters are getting cheap these 
days, and cracking your encryption wouldn't be impossible.

That said, I sympathize with your point of view (convenience verses 
security), and we are currently trying to decide which will win.  (Probably 
convenience, but not without a strenuous database security audit).

Dan Browning, Cyclone Computer Systems, danb@cyclonecomputers.com