Could you use the Zend Encoder to encrypt the PHP script? <http://www.zend.com/store/products/zend-safeguard-suite.php>
-- Lowell Allen > From: Mike Morton <[EMAIL PROTECTED]> > Date: Thu, 30 Jan 2003 09:30:36 -0500 > To: <[EMAIL PROTECTED]> > Subject: [PHP] Encryption using MMCrypt - whats the point? > > I want to use the mcrypt functions to encrypt credit card numbers for > storage in a mysql database, which mycrypt does admirably: > > $key = "this is a secret key"; > $input = "Let us meet at 9 o'clock at the secret place."; > $iv = mcrypt_create_iv (mcrypt_get_iv_size (MCRYPT_RIJNDAEL_256, > MCRYPT_MODE_CBC), MCRYPT_RAND); > > $encrypted_data = base64_encode(@mcrypt_encrypt (MCRYPT_RIJNDAEL_256 , $key, > $input, MCRYPT_MODE_CBC,$iv)); > > The trouble is - the key and the IV. Both of these have to be available in > the merchants administration for retrieval of the credit card, thus need to > be stored somewhere - most likely on the server or in a database. Here is > the problem - if someone gets to the database and retrieves the encrypted > credit card, the chances are that they are able to also retrieve the script > that did the encryption, thus find out where the key and IV are stored, > making it simple to decrypt the credit card for them. > > The only solution that I can see is to use an asymetric encryption and have > the merchant enter the decryption key at the time of credit card retrieval - > but that is unrealistic for a User Interface point of view. > > So - the only other thing that I can see to do is have a compiled program, > bound to the server, that has the key compiled into the program. I am not a > C programmer - so this is also not exactly possible. > > Does anyone else have any answers or has anyone else run into this? Is this > just a general problem with doing encryption through PHP as opposed to a > compiled binary? Can anyone suggest a solution to this problem? > > Thanks :) > > > > > -- > Cheers > > Mike Morton > > **************************************************** > * > * E-Commerce for Small Business > * http://www.dxstorm.com > * > * DXSTORM.COM > * 824 Winston Churchill Blvd, > * Oakville, ON, CA L6J 7X2 > * Tel: 905-842-8262 > * Fax: 905-842-3255 > * Toll Free: 1-877-397-8676 > * > **************************************************** > > "Indeed, it would not be an exaggeration to describe the history of the > computer industry for the past decade as a massive effort to keep up with > Apple." > - Byte Magazine > > Given infinite time, 100 monkeys could type out the complete works of > Shakespeare. Win 98 source code? Eight monkeys, five minutes. > -- NullGrey > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
