Re: Database Encryption and PCI issue.



Hello, Mohamed Farid!

What is problem to use hash value (e.g. SHA1 ) of PIN as PK?

Dear All :
We are in our way to have a PCI DSS complaint - and we are facing a
challenge to have encryption with our Database Systems.

The problem is that the Application we are using is using the PIN as a
primary key in the DB tables - and this will make it very hard to
encrypt the PIN columns ...

Anyway - we are using Oracle 9i and the server is connected to HP SAN.
Can anyone advise us: what are the systems we can go after to solve
this?
Is there any technique or 3rd party applications can help us to overcome
this?

M Farid


--
Тарас Иващенко (Taras Ivashchenko)
----
"Software is like sex: it's better when it's free." - Linus Torvalds

Attachment: pgpP8j2MIJkv5.pgp
Description: PGP signature



Relevant Pages

  • Re: Passwords et al.
    ... Unbreakable encryption does you no good if you can't ... Bank uses my ?Skew Line Encryption? ... The Bank and the customer both keep this unique PIN ... be bribed for a copy of the database). ...
    (sci.crypt)
  • Re: Passwords et al.
    ... Unbreakable encryption does you no good if you can't ... Bank uses my ?Skew Line Encryption? ... The Bank and the customer both keep this unique PIN ... be bribed for a copy of the database). ...
    (sci.crypt)
  • Re: HELP, Vulnerability in Debit PIN Encryption security, possibly
    ... Well this may not be "encryption" breaking but it did happen ... While there are numerous reports of academia breaking> encryption schemes, I repeat, there has never been a case to my knowledge ... > It is so much easier to obtain PIN numbers by other means, who would bother> with breaking the encryption? ...
    (sci.crypt)
  • [Full-disclosure] Defeating Image-Based Virtual Keyboards and Phishing Banks (fwd)
    ... screenshot capture, grab a user's PIN number, fairly easily, and wondered ... Image based keyboard (or virtual keyboards) were invented to make life ... harder for banking or phishing trojan horses (specifically key-stroke ... Even when the encryption is used, ...
    (Full-Disclosure)
  • Re: OT: Chip & Pin: How safe are the Keypad terminals?
    ... the encryption. ... Pin reader slot to log the data or some clever bit of software to ... Well all those machines are supposed to do is stop shop staff being able to ... However I dare say they all keep some sort of back-up copy of transactions ...
    (uk.people.consumers.ebay)