I raised a similar question a couple of months ago. Jess Parker, a former Pervasive/EveryWare Tango guru stated that the encryption tag was pretty much useless. If I remember correctly, he also told me that the OneTimePad didn't work as the code needed was watered down in the Tango Server just before it was released because of problems.
He suggested using an external. Hope this helps, Steve Smith Skadt Information Solutions Office: (519) 624-4388 GTA: (416) 606-3885 Fax: (519) 624-3353 Cell: (416) 606-3885 Email: [EMAIL PROTECTED] Web: http://www.skadt.com > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:owner-witango-talk@;witango.com]On Behalf Of Fogelson, Steve > Sent: October 21, 2002 4:09 PM > To: Multiple recipients of list witango-talk > Subject: Witango-Talk: Encrypting Credit Card Info within the Database > > > Has anyone done this in the shipping cart software an databases? > > I have used Shopzone for a shopping cart in the past. Last year they > released an new version that would encrypt the credit card info within the > database. There was a group of hackers in Russia that hacked into commerce > databases and stole credit card info. Shopzone revised their cart incase > that someone hacked into customer commerce databases. If they did, they > would still have to decrypt the cc info. > > In their software, you create your own "key" by moving the cursor all over > the screen. I suppose some sort of random character generation. > This unique > "key" is used to encrypt and decrypt the cc info. > > As I have mentioned before, I am writing my own Witango Store. For > additional security, I would like to encrypt the cc info fields within the > database. I don't expect that someone would hack my sites, but you never > know. > I looked at the Witango <@CIPHER> metatag. it states BitRoll, Caesar, and > Rot13 are not secure at all, and OneTimePad is only as secure as the keys > are managed and generated. > > Anyone have any recommendations or experience in this. > > Thanks > > Steve Fogelson > Internet Commerce Solutions > ________________________________________________________________________ > TO UNSUBSCRIBE: send a plain text/US ASCII email to [EMAIL PROTECTED] > with unsubscribe witango-talk in the message body > > ________________________________________________________________________ TO UNSUBSCRIBE: send a plain text/US ASCII email to [EMAIL PROTECTED] with unsubscribe witango-talk in the message body
