Dave you are right. I am not saying I am a cryptology master, I just think I could do better than the cfencrypt. That was my point - came out diluted and misread, but I was basically telling this guy to not even think of splitting the data into two tables and feel safe. Encryption methodologies I studied in college and then after would be my foundation for building my own... I was on my way to a life at the NSA/etc...

Best bet is absolutely to not store your CC number. If big BIG companies can get ripped off with the CC numbers, then obviously hackers get their way regardless...

-Bill brainbox

----- Original Message -----
From: "Dave Watts" <[EMAIL PROTECTED]>
To: "CF-Talk" <[EMAIL PROTECTED]>
Sent: Sunday, January 27, 2002 7:45 PM
Subject: RE: Best way to store credit cards in database?

> > > The problem with CFENCRYPT isn't that it's a public
> > > standard, but rather that it uses a relatively weak
> > > encryption strength (that, along with the fact that
> > > the key is probably stored somewhere within the
> > > application code or environment).
> >
> > Ditto. As I and, you, and others have mentioned... cryptography
> > isn't a game for newbies. I'm sure the authors of cfencrypt
> > thought their code was cool... but I'm just as sure that
> > serious hacker types (especially those who do it for the
> > money) were laughing their [censored] off when they ran
> > in that alg.
> >
> > I'd be willing to bet cash several of them owned :) the
> > alg within half an hour. Counting snack breaks.
>
> For some reason, I thought it simply used 56-bit DES, but then I looked at
> the docs. Yeesh!
>
> "Encrypts a string. Encrypt uses a symmetric key-based algorithm in which
> the same key is used to encrypt and decrypt a string. The security of the
> encrypted string depends on maintaining the secrecy of the key. Encrypt uses
> an XOR-based algorithm that uses a pseudo-random 32-bit key based on a seed
> passed by the user as a parameter to the function. The resultant data is
> UUencoded and may be as much as three times the original size."
>
> I'm filled with confidence now.
>
> Dave Watts, CTO, Fig Leaf Software
> http://www.figleaf.com/
> voice: (202) 797-5496
> fax: (202) 797-5444

