Alfahane
asked on
How can I test encryption strength?
I'm going to store encrypted text in my datebase. But before that I want to test whether the encryption is acceptable enough. The thing is that I've encrypted a 4-letter word and the encrypted string is only 12 characters, and that seems a bit "week".
I need some kind of assurance. Is there a software that tries to decrypt encrypted data?
I need some kind of assurance. Is there a software that tries to decrypt encrypted data?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Great suggestions.
Yes, the encryption key storage is a problem, but I really don't have an idea where to store it. I need it to encrypt data when users register and/or edit their info. The only info stored will be name, email, address etc, but not credit card or something like that.
Yes, the encryption key storage is a problem, but I really don't have an idea where to store it. I need it to encrypt data when users register and/or edit their info. The only info stored will be name, email, address etc, but not credit card or something like that.
ASKER
Regarding padding, should I randomize the length? Does make any difference to the hacker wether the padding length is known?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
http://aspencrypt.com/task_creditcard.html
What do you think about this method?
I was also thinking of salting the text string before encrypting. Also, I was thinking of storing the salt encrypted with the method above.