Re: Multiple key scheme -- Am I gaining anything?

From: Jack (aegerbearlord_at_rpgbattlezone.com)
Date: 01/30/04

• Next message: Jack: "Re: LEN SASSAMAN: WHERE DID YOU LEARN HOW TO LIE WITH SUCH A BALD FACE?"
• Previous message: Jack: "Re: question"
• In reply to: Scott Bryce: "Multiple key scheme -- Am I gaining anything?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: 30 Jan 2004 06:21:07 -0800

Scott Bryce <sbryce@scottbryce.com> wrote in message news:<101iqh15792p9c0@corp.supernews.com>...
> I am writing transaction information to a database. I need to encrypt
> credit card numbers.
>
> I have a file with several thousand psuedo-random characters. I am using
> the first two characters in a unique record identifier to determine a
> location in the file where I extract a string of characters to use as a
> key to encrypt the credit card info in that record. This way each credit
> card number is encrypted using a different key.
>
> The record identifier is in the database, so if the encrypted credit
> card numbers are exposed, the identifier will be as well.
>
> I am using triple-DES encryption (hopefully, if I can get the host to
> install the modules).
>
> Am I gaining anything by using a different key for each record? Or am I
> losing security by basing the key selection on data that could be exposed?

I must say, Scott, with all due respect, your plan seems good at first
glance, but inside it's just too complicated for practical use, unless
you have a staff of trained technicians. But even with such a staff,
there would still need to be a ground- or wire-based record of each
code (ground- or wire-based being computer or filing cabinet). It
could work under the proper circumstances, yes. But it needs to
perhaps be streamlined, if you will. But I highly commend you on your
effort.
Signed, Codebreaker

• Next message: Jack: "Re: LEN SASSAMAN: WHERE DID YOU LEARN HOW TO LIE WITH SUCH A BALD FACE?"
• Previous message: Jack: "Re: question"
• In reply to: Scott Bryce: "Multiple key scheme -- Am I gaining anything?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: Encryption newbie - Same length encrypted result ... >the credit card fields to allow for longer encrypted cc numbers. ... >Currently the CC field can hold 20 characters. ... I want to encrypt any ... Use a block cipher with a 20 character block length. ... (sci.crypt) Re: Multiple key scheme -- Am I gaining anything? ... > I have a file with several thousand psuedo-random characters. ... > key to encrypt the credit card info in that record. ... While thinking about database security, you have to hold your mouth just ... (sci.crypt) Multiple key scheme -- Am I gaining anything? ... I have a file with several thousand psuedo-random characters. ... key to encrypt the credit card info in that record. ... The record identifier is in the database, ... (sci.crypt) How do I make my database secure? ... I have a sql server database hosted by an ISP. ... It has credit card ... Is there some way to encrypt the connection string? ... (microsoft.public.dotnet.framework.aspnet) Data encryption ... what is the best way to store information like Credit Card ... numbers in database. ... Is there any options to encrypt and store it. ... (microsoft.public.sqlserver.security)

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint