AES Questions From Another Dummy.
Hi Folks:

I'll start by thanking all of you. Reading the Google archives
for this group is very educational. I'm a programmer, not a
mathematician, so most of this discussion is way over my head.

I'm building an application that stores, among other things,
personal information about employees and members of organizations.
Names, addresses, phone numbers, and the contents of an edit box
where they may enter several pages of text.

Some users will keep this information on stand-alone computers,
perhaps laptops, others on a central server.

The goal is to keep thieves from gaining phone numbers and other
personal information from the database.

The person running the program will enter a key that will be used
for their session. Other users will have their own keys.

Here is what I intend to do, and I'd appreciate any suggestions.

I'll be using the code described in a page on The Code Project

http://www.codeproject.com/cpp/aes.asp

ECB, CBC or CFB? It's all alphabet soup to me, and a single
argument to the encrypt and decrypt functions. ECB doesn't seem to
be favored by those who post in this group.

Pad the front of the clear text with some random ASCII, probably
16 bytes.

Terminate the text with a zero, then pad out to a multiple of the
block size with random text.

Then encrypt it.

Am I missing anything?

With all the recent news about breaches of computer security and
identity theft, I'm leery of keeping Social Security and credit card
numbers in the database. But customers may want that option. Would
you consider the precautions I've mentioned, together with the advice
I hope to receive from you folks, adequate protection for such
sensitive information?

Thanks
Larry
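The layout and the ECB-versus-CBC question above, worked through as an added example that is not part of the original post or of the CodeProject library it links to: it uses Go's standard-library AES instead of that C++ code, builds the record exactly as proposed (16 random bytes, the text, a zero terminator, random fill to a block boundary), and shows why ECB is not favored, since two records holding the same 16-byte block encrypt to the same ciphertext block under ECB but not under CBC with a fresh random IV.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
)

// frame lays a record out as the post proposes: 16 random bytes, the text,
// a zero terminator, then random fill up to a multiple of the AES block size.
// Because a zero marks the end, the text itself may not contain a zero byte.
func frame(text []byte) ([]byte, error) {
	if bytes.IndexByte(text, 0) >= 0 {
		return nil, errors.New("text must not contain a zero byte")
	}
	// Round prefix + text + terminator up to a whole number of 16-byte blocks.
	out := make([]byte, (16+len(text)+1+aes.BlockSize-1)&^(aes.BlockSize-1))
	_, err := rand.Read(out) // random prefix and random fill in one call
	copy(out[16:], text)
	out[16+len(text)] = 0 // terminator sits right after the text
	return out, err
}

// encryptECB encrypts every block independently, so two equal plaintext blocks
// give two equal ciphertext blocks; the random prefix only disguises block 0.
func encryptECB(key, plain []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil || len(plain)%aes.BlockSize != 0 {
		return nil, errors.New("bad key size or plaintext not block-aligned")
	}
	out := make([]byte, len(plain))
	for i := 0; i < len(plain); i += aes.BlockSize {
		block.Encrypt(out[i:], plain[i:])
	}
	return out, nil
}

// encryptCBC chains each block through the previous ciphertext block and a
// fresh random IV (stored in front), so equal plaintext blocks no longer match.
func encryptCBC(key, plain []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil || len(plain)%aes.BlockSize != 0 {
		return nil, errors.New("bad key size or plaintext not block-aligned")
	}
	out := make([]byte, aes.BlockSize+len(plain))
	_, err = rand.Read(out[:aes.BlockSize]) // the IV travels with the record
	cipher.NewCBCEncrypter(block, out[:aes.BlockSize]).CryptBlocks(out[aes.BlockSize:], plain)
	return out, err
}
```

Neither mode detects tampering: a modified record still decrypts to something, so a stored record also needs a MAC or an authenticated mode if integrity matters.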