Solved

encrypted credit card info in PHP/MySQL

Posted on 2006-11-01
Last Modified: 2010-04-11
i am providing a php/mysql app for a customer who insists on keeping cc info in the data base.  i realize the short answer to my question is, "don't".  however...

a few points:
-i am using php4 on a remote server with mcrypt 2.4
-i am using the twofish cipher in CBC mode
-i store the key in an include file above DOCUMENT_ROOT in a directory inaccessible via URL in a file inaccessible via URL - the file is "require'd" from php files (not readable as text) in directories and files which (obviously) are accessible via URL
-i base64 encode the encrypted data and store it in a varchar(64), and base64 decode the data prior to decrypting.  twofish/CBC produces 64 byte base64 data from 16 character credit card numbers.
-i use a wrapper class to manipulate mcrypt from Stone PHP SafeCrypt, Copyright (c) 2006, John Haugeland, viewable at http://blog.sc.tri-bit.com/archives/101
-the set of possible modes is
  cbc cfb ctr ecb ncfb nofb ofb stream
-the set of possible ciphers is
  cast-128 gost rijndael-128 twofish arcfour cast-256 loki97
  rijndael-192 saferplus wake blowfish-compat des rijndael-256
  serpent xtea blowfish enigma rc2 tripledes
-the default cipher/mode in the Stone wrapper is twofish/CBC
-the whole application is behind https

my question is, can someone with approp knowledge comment on the security of the method suggested above and/or suggest other ciphers, modes, or methodology to safely meet my customer's requirement?


Question by:prevostpilot
Expert Comment

by:Rich Rumble
ID: 17854721
The PHP TA might actually be better for this, I've placed a pointer to this question: http://www.experts-exchange.com/Web/Web_Languages/PHP/PHP_Databases/Q_22046024.html

There is something to remember with storing CC and other user information, this is a great article:
http://www.schneier.com/blog/archives/2005/02/authentication.html

Typically I recommend people use 3rd parties to handle the E-commerce portion, but I think what you've listed above will be sufficient!
http://www.amazon.co.uk/MySQL-Web-Development-Luke-Welling/dp/0672317842
-rich

Author Comment

by:prevostpilot
ID: 17863826
rich-
the first link you left comes up blank.  what's a php "ta"? any way you can refresh?

the schneier article is well referred.  my intent (client approval pending, of course) is to delete the cc info after the complete transaction is complete.  in this case, the "relationship" remains open for several weeks, as it is a kind of vacation reservation system (golfing and hotel reservations).  so, after the vacation is over and all the dust settles, i plan to delete the cc#, exp date and cvc.  we'll keep the snailmail and email info so we can solicit future biz. unfortunately, i need to keep the key on the server because i need to debit the card automagically several days prior to arrival at the vacation site.  this info is (will be) listed in the privacy policy.

as you prob'ly noticed, encryption is not my expertise.
-is there any way to get a shorter encrypted cc number?  the current combination of cipher/mode yields 64 bytes of enc'd text.  i'd really like to make this smaller?  

-can you comment about the Stone wrapper code?  i find lots of ref's to it, but no real meat.

tnx
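
Added example, not part of the thread and not code from the poster or from the Stone SafeCrypt wrapper: one way to store a card number with authenticated encryption and a smaller footprint than the 64-character base64 value discussed above. It assumes PHP 7.1 or later with the OpenSSL extension (mcrypt was removed from PHP in 7.2) and a binary column instead of base64 in a varchar; `load_key()`, `encrypt_pan()`, `decrypt_pan()`, the key-file format and the `reservation:1001` row label are hypothetical names chosen for illustration.

```php
<?php
// Added example: AES-256-GCM through PHP's OpenSSL extension (PHP >= 7.1).
const CIPHER = 'aes-256-gcm';

function load_key(string $path): string {
    // Assumed format: key file above DOCUMENT_ROOT holding 32 random bytes, base64-encoded.
    $key = base64_decode(trim((string) file_get_contents($path)), true);
    if ($key === false || strlen($key) !== 32) {
        throw new RuntimeException('key file must hold 32 base64-encoded bytes');
    }
    return $key;
}

function encrypt_pan(string $pan, string $key, string $aad): string {
    $nonce = random_bytes(12);   // fresh per record; never reuse a nonce under one key
    $ct = openssl_encrypt($pan, CIPHER, $key, OPENSSL_RAW_DATA, $nonce, $tag, $aad, 16);
    if ($ct === false) throw new RuntimeException('encryption failed');
    return $nonce . $tag . $ct;  // 12-byte nonce + 16-byte tag + ciphertext (no block padding)
}

function decrypt_pan(string $blob, string $key, string $aad): string {
    if (strlen($blob) < 28) throw new RuntimeException('record too short');
    $nonce = substr($blob, 0, 12);
    $tag   = substr($blob, 12, 16);
    $ct    = substr($blob, 28);
    $pan = openssl_decrypt($ct, CIPHER, $key, OPENSSL_RAW_DATA, $nonce, $tag, $aad);
    if ($pan === false) throw new RuntimeException('authentication failed');
    return $pan;
}

// Constructed demo: throwaway key file in the temp dir, well-known test card number.
$path = tempnam(sys_get_temp_dir(), 'key');
file_put_contents($path, base64_encode(random_bytes(32)));
$key = load_key($path);
unlink($path);
$pan  = '4111111111111111';
$aad  = 'reservation:1001';      // binds the ciphertext to its row (constructed id)
$blob = encrypt_pan($pan, $key, $aad);
printf("raw: %d bytes, base64: %d chars\n", strlen($blob), strlen(base64_encode($blob)));
var_dump(decrypt_pan($blob, $key, $aad) === $pan);
try {
    decrypt_pan($blob, $key, 'reservation:1002');  // same bytes copied to another row
} catch (RuntimeException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```

A 16-digit number becomes 44 raw bytes here (60 characters if it is still base64-encoded), so it fits a VARBINARY(44) column. Unlike plain CBC, a record that was modified or moved to a different row fails decryption instead of decrypting to garbage.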



Accepted Solution

by:
Rich Rumble earned 250 total points
ID: 17864037
the first link:
http://www.experts-exchange.com/Web/Web_Languages/PHP/PHP_Databases/Q_22046024.html

I'm no PHP programmer, especially no e-commerce programmer. If the connection is SSL/TLS encrypted before the CC# is submitted, I think you're OK myself. As for securing the connection from the server to the DB (if they are separate servers), you can also use SSL to access MySQL and write to the DB.

If I was asked to do this, I'd farm it out, and have verisign, paypal, google or other respectable outfit handle the transactions. I can still store the customer data of interest, and not store the CC info. However it's unlikely I could get that 3rd party to expire that info if they don't do so by themselves. That's me though ;)

http://blog.sc.tri-bit.com/archives/101
-rich