
encrypted credit card info in PHP/MySQL

i am providing a php/mysql app for a customer who insists on keeping cc info in the database. i realize the short answer to my question is, "don't". however...

a few points:
-i am using php4 on a remote server with mcrypt 2.4
-i am using the twofish cipher in CBC mode
-i store the key in an include file above DOCUMENT_ROOT in a directory inaccessible via URL in a file inaccessible via URL - the file is "require'd" from php files (not readable as text) in directories and files which (obviously) are accessible via URL
-i base64 encode the encrypted data and store it in a varchar(64), and base64 decode the data prior to decrypting. twofish/CBC produces 64 byte base64 data from 16 character credit card numbers.
-i use a wrapper class to manipulate mcrypt from Stone PHP SafeCrypt, Copyright (c) 2006, John Haugeland, viewable at http://blog.sc.tri-bit.com/archives/101
-the set of possible modes is
  cbc cfb ctr ecb ncfb nofb ofb stream
-the set of possible ciphers is
  cast-128 gost rijndael-128 twofish arcfour cast-256 loki97
  rijndael-192 saferplus wake blowfish-compat des rijndael-256
  serpent xtea blowfish enigma rc2 tripledes
-the default cipher/mode in the Stone wrapper is twofish/CBC
-the whole application is behind https

my question is, can someone with appropriate knowledge comment on the security of the method suggested above and/or suggest other ciphers, modes, or methodology to safely meet my customer's requirement?


Asked: prevostpilot

Rich Rumble (Security Samurai) Commented:
The PHP TA might actually be better for this, I've placed a pointer to this question: http://www.experts-exchange.com/Web/Web_Languages/PHP/PHP_Databases/Q_22046024.html

There is something to remember with storing CC and other user information, this is a great article:
http://www.schneier.com/blog/archives/2005/02/authentication.html

Typically I recommend people use 3rd parties to handle the E-commerce portion, but I think what you've listed above will be sufficient!
http://www.amazon.co.uk/MySQL-Web-Development-Luke-Welling/dp/0672317842
-rich

prevostpilot (Author) Commented:
rich-
the first link you left comes up blank. what's a php "ta"? any way you can refresh?

the schneier article is well referred.  my intent (client approval pending, of course) is to delete the cc info after the complete transaction is complete.  in this case, the "relationship" remains open for several weeks, as it is a kind of vacation reservation system (golfing and hotel reservations).  so, after the vacation is over and all the dust settles, i plan to delete the cc#, exp date and cvc.  we'll keep the snailmail and email info so we can solicit future biz. unfortunately, i need to keep the key on the server because i need to debit the card automagically several days prior to arrival at the vacation site.  this info is (will be) listed in the privacy policy.

as you prob'ly noticed, encryption is not my expertise.
-is there any way to get a shorter encrypted cc number?  the current combination of cipher/mode yields 64 bytes of enc'd text.  i'd really like to make this smaller?  

-can you comment about the Stone wrapper code?  i find lots of ref's to it, but no real meat.

tnx
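
On the ciphertext-length question in the post above, an added example (not from the thread or from the Stone wrapper): it compares what one 16-digit number costs to store under CBC and CTR, both modes from the list in the question, as raw bytes and as base64. It assumes PHP 7+ with the openssl extension and uses AES-128 in place of twofish, which OpenSSL does not provide; the function names, key and card number are constructed for illustration.

```php
<?php
// Added example: not code from the thread or from the Stone wrapper.
// Assumes PHP 7+ with the openssl extension.

// Encrypt one field; returns IV || ciphertext as raw bytes.
function encrypt_field(string $plain, string $key, string $method): string
{
    // Fresh random IV per record; it is not secret and is stored with the data.
    $iv = random_bytes(openssl_cipher_iv_length($method));
    $ct = openssl_encrypt($plain, $method, $key, OPENSSL_RAW_DATA, $iv);
    if ($ct === false) {
        throw new RuntimeException("encryption failed for $method");
    }
    return $iv . $ct;
}

// Split the stored value back into IV and ciphertext, then decrypt.
function decrypt_field(string $blob, string $key, string $method): string
{
    $ivLen = openssl_cipher_iv_length($method);
    if (strlen($blob) <= $ivLen) {
        throw new RuntimeException('stored value too short');
    }
    $plain = openssl_decrypt(substr($blob, $ivLen), $method, $key,
                             OPENSSL_RAW_DATA, substr($blob, 0, $ivLen));
    if ($plain === false) {
        throw new RuntimeException("decryption failed for $method");
    }
    return $plain;
}

$key = random_bytes(16);    // constructed; the thread keeps the real key in an include file above DOCUMENT_ROOT
$pan = '4111111111111111';  // constructed 16-digit test number

// CBC pads the input to a whole number of blocks; CTR emits exactly as many bytes as it is given.
// Neither mode detects tampering; an HMAC over IV || ciphertext adds that, at the cost of extra bytes.
foreach (['aes-128-cbc', 'aes-128-ctr'] as $method) {
    $raw = encrypt_field($pan, $key, $method);
    if (decrypt_field($raw, $key, $method) !== $pan) {
        throw new RuntimeException("round trip failed for $method");
    }
    printf("%-12s raw: %2d bytes (VARBINARY)   base64: %2d chars (VARCHAR)\n",
           $method, strlen($raw), strlen(base64_encode($raw)));
}
```

Storing the raw bytes in a binary column avoids the base64 expansion of roughly one third.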



Rich Rumble (Security Samurai) Commented:
the first link:
http://www.experts-exchange.com/Web/Web_Languages/PHP/PHP_Databases/Q_22046024.html

I'm no PHP programmer, especially no e-commerce programmer. If the connection is SSL/TLS encrypted before the CC# is submitted, I think you're OK myself. Now, for securing the connection from the server to the DB (if they are separate servers), you can also use SSL to access MySQL and write to the DB.

If I was asked to do this, I'd farm it out, and have verisign, paypal, google or other respectable outfit handle the transactions. I can still store the customer data of interest, and not store the CC info. However it's unlikely I could get that 3rd party to expire that info if they don't do so by themselves. That's me though ;)

http://blog.sc.tri-bit.com/archives/101
-rich