[ic] Credit Card numbers Stored Encrypted in SQL Database
- No Answer Yet
Dan B
db@cyclonehq.dnsalias.net
Wed, 25 Apr 2001 15:40:55 -0700
At 02:15 PM 4/25/2001 -0600, you wrote:
>So, correct me if I'm wrong, but because of the RH takeover, IC looses
>functionality? There is ZERO risk involved with storing CC#'s on disk if
>they're ENCRYPTED, Which is precisely what I'm trying to do. It worked just
>fine in MV....
"ZERO"? And where is your private key located? If they get access to your
disk (and/or database), and get both the "encrypted" credit card numbers
*and* your private key, how hard of a time will they have cracking your
numbers?
Even without your private key, Beowulf clusters are getting cheap these
days, and cracking your encryption wouldn't be impossible.
That said, I sympathize with your point of view (convenience verses
security), and we are currently trying to decide which will win. (Probably
convenience, but not without a strenuous database security audit).
Dan Browning, Cyclone Computer Systems, danb@cyclonecomputers.com