Could you use the Zend Encoder to encrypt the PHP script?
<http://www.zend.com/store/products/zend-safeguard-suite.php>

--
Lowell Allen 

> From: Mike Morton <[EMAIL PROTECTED]>
> Date: Thu, 30 Jan 2003 09:30:36 -0500
> To: <[EMAIL PROTECTED]>
> Subject: [PHP] Encryption using MMCrypt - whats the point?
> 
> I want to use the mcrypt functions to encrypt credit card numbers for
> storage in a mysql database, which mcrypt does admirably:
> 
> $key = "this is a secret key";
> $input = "Let us meet at 9 o'clock at the secret place.";
> $iv = mcrypt_create_iv (mcrypt_get_iv_size (MCRYPT_RIJNDAEL_256,
> MCRYPT_MODE_CBC), MCRYPT_RAND);
> 
> $encrypted_data = base64_encode(@mcrypt_encrypt (MCRYPT_RIJNDAEL_256 , $key,
> $input, MCRYPT_MODE_CBC,$iv));
> 
> The trouble is - the key and the IV.  Both of these have to be available in
> the merchant's administration for retrieval of the credit card, thus need to
> be stored somewhere - most likely on the server or in a database.  Here is
> the problem - if someone gets to the database and retrieves the encrypted
> credit card, the chances are that they are able to also retrieve the script
> that did the encryption, thus find out where the key and IV are stored,
> making it simple to decrypt the credit card for them.
> 
> The only solution that I can see is to use an asymmetric encryption and have
> the merchant enter the decryption key at the time of credit card retrieval -
> but that is unrealistic from a User Interface point of view.
> 
> So - the only other thing that I can see to do is have a compiled program,
> bound to the server, that has the key compiled into the program.  I am not a
> C programmer - so this is also not exactly possible.
> 
> Does anyone else have any answers or has anyone else run into this?  Is this
> just a general problem with doing encryption through PHP as opposed to a
> compiled binary?  Can anyone suggest a solution to this problem?
> 
> Thanks :)
> 
> 
> 
> 
> --
> Cheers
> 
> Mike Morton
> 
> ****************************************************
> *
> *  E-Commerce for Small Business
> *  http://www.dxstorm.com
> *
> * DXSTORM.COM
> * 824 Winston Churchill Blvd,
> * Oakville, ON, CA L6J 7X2
> * Tel: 905-842-8262
> * Fax: 905-842-3255
> * Toll Free: 1-877-397-8676
> *
> ****************************************************
> 
> "Indeed, it would not be an exaggeration to describe the history of the
> computer industry for the past decade as a massive effort to keep up with
> Apple."
> - Byte Magazine
> 
> Given infinite time, 100 monkeys could type out the complete works of
> Shakespeare. Win 98 source code? Eight monkeys, five minutes.
> -- NullGrey 
> 
> 
> -- 
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
> 
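
The asymmetric approach raised in the quoted message, as an added example that is not part of the original thread: the web server holds only a public key, so the database plus the script are not enough to decrypt. It uses libsodium sealed boxes (ext-sodium, PHP 7.2+) instead of the mcrypt calls in the post; the function names and the test card number are assumptions made for illustration.

```php
<?php
// Added example: the web server never holds the decryption key.
// Uses libsodium sealed boxes (ext-sodium), not the mcrypt calls from the post.
// All function names below are hypothetical, chosen for this illustration.

// Done once on the merchant's machine, NOT on the web server.
function generate_merchant_keypair(): array
{
    $keypair = sodium_crypto_box_keypair();
    return [
        'public'  => sodium_crypto_box_publickey($keypair), // deploy to the server
        'keypair' => $keypair,                              // keep off the server
    ];
}

// Runs on the web server: only the public key is available here.
function encrypt_for_storage(string $cardNumber, string $publicKey): string
{
    // A sealed box uses a fresh ephemeral key per message, so there is
    // no shared secret key and no IV to store next to the ciphertext.
    $sealed = sodium_crypto_box_seal($cardNumber, $publicKey);
    return base64_encode($sealed); // text-safe for a database column
}

// Runs only where the private key lives (merchant side).
function decrypt_from_storage(string $stored, string $keypair): string
{
    $sealed = base64_decode($stored, true);
    if ($sealed === false) {
        throw new RuntimeException('stored value is not valid base64');
    }
    $plain = sodium_crypto_box_seal_open($sealed, $keypair);
    if ($plain === false) {
        throw new RuntimeException('decryption failed: wrong key or modified data');
    }
    return $plain;
}

// Constructed demo values (a well-known test card number, not real data).
$merchant = generate_merchant_keypair();
$stored   = encrypt_for_storage('4111111111111111', $merchant['public']);

// Without the merchant's private key, the stored row cannot be opened.
try { decrypt_from_storage($stored, sodium_crypto_box_keypair()); }
catch (RuntimeException $e) { echo "other key: ", $e->getMessage(), "\n"; }

echo "merchant key: ", decrypt_from_storage($stored, $merchant['keypair']), "\n";
```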

