encryption, cc numbers

Anon

What would be the best (secure and efficient) way to store/retrieve Credit Card information in a database (MySQL in my example). I found several encryption methods in PHP, but which of them to use? Or is there a better way?

Anon

That's a though one... I guess what I would have done is made a flat file somewhere else on the server outside the html root folder so that it would not be accessable by any web address... Next thing... I would set the access on it to 620 and lett the script only append to the file (you must be in the same group as apache (www) if not set chmod to 622). To read the file you MUST be loged in as yourself or root. Hope this was to any help

Andreas Bernhardsen

Anon

That's not encryption, though. For that, you need the mcrypt library
and to recompile PHP with mcrypt support (it's not the default.)

Then, from the available functions, use mcrypt_cfb(). This one
<b>requires</b> you to add an "initialization vector" which is
needed to avoid know-plaintext attacks--of course you have
to use a different "iv" each time, or you defeat the purpose of it.