What database are you using?
I know DB2 has really good support for encrypted columns.
I believe SQL Server has an ENCRYPT function, but I understand that it changed from version 7.0 to 2000 (meaning that any data you encrypted with the 7.0 version couldn't be decrypted automatically with the 2000 version. Thanks again, Microsoft!). Further, the ENCRYPT function, at least in 7.0 is one way, so you couldn't use it to decrypt your data.
Oracle apparently also has column encryption support, but you may have some of the same issues as you would have using Tango's CIPHER tag; that is, key management. From the Oracle 8i docs:
The DBMS_OBFUSCATION_TOOLKIT Package
For applications dealing with this highly sensitive data, Oracle provides the
DBMS_OBFUSCATION_TOOLKIT PL/SQL package to encrypt and decrypt data, including string inputs and raw inputs. The function is limited to selected algorithms, such as the Data Encryption Standard (DES). Developers may not plug in their own encryption algorithms, and the key length is also fixed. The function prohibits making multiple passes of encryption; that is, you cannot nest encryption calls, thereby encrypting an encrypted value. These restrictions are required by U.S. laws governing the export of cryptographic products.
The cryptographic functions provide encrypt and decrypt services only and do not provide any built-in key management services (such as automatic key recovery). Developers using the package must handle key storage programmatically. For example, encryption keys could be stored apart from the database if the intention is to prevent the DBA from seeing encrypted data.
The key (no pun intended) to any solution is key management. No matter what solution you use, the problem is always key management.
Eric
Thanks for the reply. I might not be understanding what you are saying, but it's not the transmission over the internet that I am concerned about. I used a digital certificate for that. I would like certain fields within the table encrypted, so that if a potential hacker got my db, he would still be unable to get the credit card info.Thanks Steve -----Original Message----- From: Robert Shubert [mailto:rshubert@;tronics.com] Sent: Monday, October 21, 2002 4:48 PM To: Multiple recipients of list witango-talk Subject: Re: Witango-Talk: Encrypting Credit Card Info within the Database Why not just install PGP and use the command line to encrypt and decrpyt the data? I've done this from within Witango for transmitting sensative data through the internet. Robert Shubert www.witangostore.com "Fogelson, Steve" wrote: > > Thanks for the responses. > > Eric, > > I looked a little more at the Shopzone's code. They store the key as a file > within the web site. Probably not good. If the db's are available to the > hacker, so would the key. The contents of a sample key seem pretty simple: > > BT_GK1=RHDDzwEAAAACQAAAANpYPBbZhSKJ0OSvdW9MypLdS+UzuAT7D+2U75yKRAPtV0ZQ02mZ2 > ynXdidrotPUEuIY9N0eCEz22AA+fEd06DNAAAAAlu1KX7S2vKW0PNpdagJS/WQ0sXFVvgPw2tfZq > OZIeO9xzkjL1zaALW6NWVPsKP7Hf53nTNjRAHj0V9ixa2qWcgAA > BT_GK2=RHDp9wEAAAACQAAAANpYPBbZhSKJ0OSvdW9MypLdS+UzuAT7D+2U75yKRAPtV0ZQ02mZ2 > ynXdidrotPUEuIY9N0eCEz22AA+fEd06DNAAAAAUX6yYYqMIIKCVTJ71ZoYMoJVMnvVmhgyglUye > 9WaGDKy7lDyX0u9HT1znlxNyL/O3hUkNXwWpGRYJpj/QCHGKQAA > > I don't know anything about encryption, but the code kind of indicates a > password protected public and a private key. > > I'm not trying to disseminate any proprietary info for ShopZone. If I am > crossing the line, someone let me know right away. I am simply intrigued by > their "site owner" key generation and was wondering if anyone has any > suggestions for something outside of Witango that would work within Witango. > > Maybe this would be a consideration for future enhancement to Witango. It > would be a nice feature to be able to securely store info in fields of db's. > > Thanks > Steve > > -----Original Message----- > From: Eric Weidl [mailto:ejw@;intersites.com] > Sent: Monday, October 21, 2002 3:54 PM > To: Multiple recipients of list witango-talk > Subject: Re: Witango-Talk: Encrypting Credit Card Info within the > Database > > Hi, > > >Has anyone done this in the shipping cart software an databases? > > Yes. > > >In their software, you create your own "key" by moving the cursor all over > >the screen. I suppose some sort of random character generation. This unique > >"key" is used to encrypt and decrypt the cc info. > > Sounds cool. > > >As I have mentioned before, I am writing my own Witango Store. For > >additional security, I would like to encrypt the cc info fields within the > >database. I don't expect that someone would hack my sites, but you never > >know. > >I looked at the Witango <@CIPHER> metatag. it states BitRoll, Caesar, and > >Rot13 are not secure at all, and OneTimePad is only as secure as the keys > >are managed and generated. > > BitRoll, Caesar, and Rot13 are trivial and should be avoided for this > purpose. It would take a hacker only minutes to break them > > OneTimePad is, in theory, the only 100% secure classic encryption method. > Unfortunately, practical issues prevent it from being truly secure. > > The name "OneTimePad" refers to the theoretical design of using an > encryption key once and only once. The theory is that each party to the > encryption would have a book or "pad" of papers. Each paper would have a > different, unique encryption key written on it. Each time you want to > encrypt a message (e.g. a credit card number), you would take the top sheet > from the pad, use it to encrypt the message, then throw the page away. The > person receiving the message would take the top sheet from the book (which > should match the sheet you used), and would use it to decrypt the message. > > To demonstrate the issues (and flaws) with the OneTimePad cipher in the > real world, let's apply it to your situation. > > Think of your "submit order" and "review orders" Tango applications as the > two players in the encryption game. To start, your application gets a CC > number from a user. Your "submit order" application should encrypt that > message with a unique key and then store it in the database, where the > "review order" application can later retrieve it. > > Okay, so the submit order TAF has to encrypt the number and to do that it > needs a key. Where does it get the key? It could make one up, but then it > would have to pass that key to the review orders TAF so it would know the > key. How is it going to do that? You could store your keys in the database, > but that's not very secure, is it? You could store the keys in a file on > the server, but if a hacker can get to your database, they can probably get > to anything on the computer. > > Even if you found a secure place to store the keys, you would have the > additional problem of having to remember which key was used to encrypt > which credit card. Every scenario I've seen for solving that problem is > unsecure. Keep in mind that to meet its theoretical limit, each key in a > OneTimePad solution should be used only one time! That means your review > order TAF could display the un-encrypted CC number once, but then, in > theory, it should throw the key away. Not exactly user friendly. > > This summary is a long winded way of saying there is no very good, complete > way of encrypting data in a reversible fashion using Tango's CIPHER meta > tag. It could be part of another solution, but I don't think it could stand > by itself. > > Like anything, security is a continuum, and only you know where your > threshold is on that spectrum. > > Another option you might look at are digital certificates. > > Finally, I'd be very curious to see an explanation of how Shopzone stores > the key you say they generate. I understand that they are probably > generating a random key based upon the movements of your mouse over an area > of the screen, but they still have to store that key somewhere. > > Hope this helps. > > Eric > > ________________________________________________________________________ > TO UNSUBSCRIBE: send a plain text/US ASCII email to [EMAIL PROTECTED] > with unsubscribe witango-talk in the message body > ________________________________________________________________________ > TO UNSUBSCRIBE: send a plain text/US ASCII email to [EMAIL PROTECTED] > with unsubscribe witango-talk in the message body ________________________________________________________________________ TO UNSUBSCRIBE: send a plain text/US ASCII email to [EMAIL PROTECTED] with unsubscribe witango-talk in the message body ________________________________________________________________________ TO UNSUBSCRIBE: send a plain text/US ASCII email to [EMAIL PROTECTED] with unsubscribe witango-talk in the message body
________________________________________________________________________
TO UNSUBSCRIBE: send a plain text/US ASCII email to [EMAIL PROTECTED]
with unsubscribe witango-talk in the message body
