The level of encryption _is_ the gory details. If you want to do credit card processing, don't use a MS IIS front-end, and use a secure database that has been looked at by someone with a clue. If you want to do real-time transactions, pay very careful attention to how you're arranging your connection to the merchant gateway (the guys that actually debit the cards).
I haven't heard of anyone, ever, as in never ever, cracking even pathetic 40 bit encryption to get at someone's credit card details. What _has_ happened, zillions of times, is that weak servers have been rolled, and the card details have been pulled out of plaintext files in their hundreds or thousands. Don't let that be you. (Oh, and the answer to your actual question is 128, for what it's worth.) Cheers, -- Ben Nagy Network Security Specialist Mb: TBA PGP Key ID: 0x1A86E304 > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]] On Behalf Of Richard Ginski > Sent: Friday, May 24, 2002 7:40 PM > To: [EMAIL PROTECTED] > Subject: OT: Encryption and Credit Card Processing > > > > I'm sorry for being off topic, but the response and > experience on this list is very good and I seek a quick response: > > If an organization wished to do credit card processing > (without me getting into the gory details) what "bit" level > of encryption would you recommend? (SSL implementation) 56 > bit? 128 bit?[...] _______________________________________________ Firewalls mailing list [EMAIL PROTECTED] For Account Management (unsubscribe, get/change password, etc) Please go to: http://lists.gnac.net/mailman/listinfo/firewalls
