Oakbridge Information Solutions
Office: (519) 624-4388
GTA: (416) 606-3885
Fax: (519) 624-3353
Cell: (416) 606-3885
Email: [EMAIL PROTECTED]
Web: http://www.oakbridge.ca
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of [EMAIL PROTECTED]
Sent: January 27, 2003 5:04 AM
To: Multiple recipients of list witango-talk
Subject: Re: Witango-Talk: Credit Card Security

Taken out of the manual (Help/Metatags). I am sure that this will help you (for free) :-))
<@CIPHER>
Syntax
<@CIPHER ACTION="" TYPE=type STR=string [KEY=key] [ENCODING=encoding]>
Description
Performs encryption, decryption, and hashes on strings using various algorithms and keys.
<@CIPHER> provides the Witango user with access to various encryption algorithms. The user may specify different keys, if required.
Three attributes are required: ACTION, TYPE, and STR.
- ACTION is the action you want to perform, for example, encrypt or decrypt.
- TYPE is the type of action you want to perform, for example, BitRoll.
Note: There is a special case in which TYPE is not required. This occurs when the ACTION is Hash, and this is because Witango supports only one type of Hash.
- STR is the string upon which you want to execute the action, for example, a social security number. A zero length STR is processed by the underlying cipher routines.
KEY may be required or prohibited depending on the TYPE of cipher requested. Keys may be case sensitive.
Warning messages are logged if attributes needed are missing:
[Warning] CIPHER: no action specified
[Warning] CIPHER: type not specified or unknown
[Warning] CIPHER: specified key not valid for this cipher
Ciphers Supported
Each type of cipher has at least one operation permitted. Each may accept a key, may provide a default one if none is given, or may reject any key and use a predetermined value, or none, as appropriate.
Cipher names are case insensitive. The following table lists types of ciphers, their actions, their key restrictions, and a short description of each cipher.
Type | Action | Key Restrictions | Short Description
optional, integer (positive and negative) values only, use "3" as default
rotate characters by x positions, x being successive case-insensitive characters of key,
MD51 one way hash. Produces a 32 character string.
The ACTION has two directions, forward and reverse. This means that you can take a string and encrypt, encipher or hash it in the forward direction, and, for the reverse direction, you can decrypt or decipher.
Hash is a one-way cipher: it works only in the forward position. An example use for this would be passwords for a UNIX system. One-way hash functions are handled as encipher operations with no corresponding decipher operation. The keyword HASH is accepted as an ACTION for this purpose.
Certain synonyms for the two ciphering operations are supported:
plaintext -> ciphertext
ciphertext -> plaintext
Security Issues
It is up to the user to guarantee the security of their information. BitRoll, Caesar, and Rot13 are not secure at all, and OneTimePad is only as secure as the keys are managed and generated.
Submitting a key through a form may be insecure, especially because the HTTP request could be viewed in transit. The key and algorithm--and anything else as part of the request--can be viewed in transit. Secure channels must be used to hide text in-transit, and very strong ciphers must be used to guarantee security.
See Also
Mit freundlichen Grüßen, with best regards
Daniel Richardy
________ European Witango Distributor __________
SoftDes GmbH - St. Georgener Strasse 13 - D 79111 Freiburg
Web: www.softdes.de Mail: [EMAIL PROTECTED]
Phone: +49 - 761 - 4 555 666 Fax: +49 - 761 - 4 555 660
_________________ www.witango.net ___________________
----- Original Message -----
From: "Fogelson, Steve" <[EMAIL PROTECTED]>
To: "Multiple recipients of list witango-talk" <[EMAIL PROTECTED]>
Sent: Sunday, January 26, 2003 10:11 PM
Subject: Witango-Talk: Credit Card Security

> As a follow-up to my previous "security" post, I want to bring up the topic
> of encryption of stored private personal information (fields) such as social
> security numbers, driver's license, credit card info, etc.
>
> I need a method to encrypt specific fields in a database. It would be nice
> if With could develop this, but that is probably asking too much at this
> point in time. Although I think there are many applications for this. HIPAA
> related projects, online stores that the customer wants to retain credit
> card info, etc.
>
> I would be willing to pay for custom tags that do the following:
>
> 1) Generate a key for encrypting data
> 2) Backup the encryption key
> 3) Encrypt a field with the encryption key
> 4) Decrypt a field with the encryption key
>
> Would need to address where the key and custom code would be stored to
> prevent a hacker from finding it.
>
> Any comments or takers?
>
> Steve Fogelson
> Internet Commerce Solutions
>
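
The four operations requested in the original post (generate a key, back it up, encrypt a field, decrypt a field), shown as an added example that is not Witango code and not part of either message. It uses the built-in Node.js crypto module with AES-256-GCM instead of any <@CIPHER> type; the function names, the context string format and the sample card number are assumptions made for illustration.

```javascript
const crypto = require('crypto'); // Node.js built-in module

// 1) Generate a random 256-bit data-encryption key (DEK).
function generateKey() { return crypto.randomBytes(32); }

// 3) Encrypt one field with AES-256-GCM. `context` (a hypothetical
// "table.column:rowid" label) is bound as associated data, so a stored value
// copied to another row or column fails authentication on decrypt.
function encryptField(key, plaintext, context) {
  const iv = crypto.randomBytes(12); // fresh nonce for every stored value
  const c = crypto.createCipheriv('aes-256-gcm', key, iv);
  c.setAAD(Buffer.from(context, 'utf8'));
  const ct = Buffer.concat([c.update(plaintext, 'utf8'), c.final()]);
  return Buffer.concat([iv, c.getAuthTag(), ct]).toString('base64');
}

// 4) Decrypt; throws if the key, the context or the stored value is wrong or modified.
function decryptField(key, stored, context) {
  const raw = Buffer.from(stored, 'base64');
  const d = crypto.createDecipheriv('aes-256-gcm', key, raw.subarray(0, 12));
  d.setAAD(Buffer.from(context, 'utf8'));
  d.setAuthTag(raw.subarray(12, 28));
  return Buffer.concat([d.update(raw.subarray(28)), d.final()]).toString('utf8');
}

// 2) Back up the key: wrap it under a key derived from a passphrase with
// scrypt, so the backup file alone does not reveal the DEK.
function backupKey(key, passphrase) {
  const salt = crypto.randomBytes(16);
  const kek = crypto.scryptSync(passphrase, salt, 32);
  return salt.toString('base64') + '.' + encryptField(kek, key.toString('base64'), 'dek-backup');
}

function restoreKey(backup, passphrase) {
  const [salt, wrapped] = backup.split('.');
  const kek = crypto.scryptSync(passphrase, Buffer.from(salt, 'base64'), 32);
  return Buffer.from(decryptField(kek, wrapped, 'dek-backup'), 'base64');
}

// Constructed sample value (a widely used test card number, not real data).
const key = generateKey();
const stored = encryptField(key, '4111111111111111', 'customers.card_number:42');
console.log(stored.length, decryptField(key, stored, 'customers.card_number:42'));
```

The question of where the key lives is not solved by this block: it has to be kept outside the database it protects, readable only by the application account.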
