Re: [PHP] Encryption

[Richard Lynch]

>I am trying to do a simple encryption on a credit card number to store in a
mysql text field.
>I also have to de-crypt the number after exporting to an access db.
>I tried to use xor encryption, but it seems to only work half the time, the
other half, I >can't seem to de-crypt the # properly, some of the numbers
end up screwed.
>Is this because of the way mysql is storing the field? Mabye it can't
recognize some of the >characters that are generated from the xor
encryption?
>
>Ex: 123456789123 may end up 1 YdR
  and then de-crypts to
1234(*$8912#
>
>Is it the  that are the problem?  Or is the the access database that isn't
properly storing >the   ?

Yes, those are the problems.  You are XOR-ing and getting invalid
characters.  You could URLEncode/URLDecode it, or
Base64_Encode/Base64_Decode or some other way of guaranteeing that your
databases don't have to deal with funky characters.

>Is there a better way to do this?

This is a *really* bad idea, all around.  Either the place you are storing
the credit card numbers is "secure enough" that encrypting them is
pointless, or it's not secure enough at all, and your encryption won't stop
anybody who wants those numbers.

You shouldn't be storing nor transporting credit card numbers insecurely.
XOR-encryption is not secure, by definition.

--
Visit the Zend Store at http://www.zend.com/store/
Wanna help me out?  Like Music?  Buy a CD: http://l-i-e.com/artists.htm
Volunteer a little time: http://chatmusic.com/volunteer.htm




-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]