Credit Card Encryption

General PHP Help
#1

I’ve been meddling with credit card encryption today getting ready for a future project(hopefully). I will need to store these numbers in a database and I don’t it just laying there. I’ve come up with an algorithm that I think works pretty well but I’d like to get an opinion.

My end result was 0fd02b80a4bdc78. Where would I begin to test how strong this encryption is?

Thanks for any help!

#2

i’m not a encyption expert, but IMO:

the question is. who might get access to theres encripted data.
i first aproche to decript it would be to get access to the decription script as well (if i get this access i dont need more info to decript)

otherwise i wouldn’t be able to decript it without more than one of these entryes. but if i get multible enties there is other refereceable or guessable data i can use to decript it.

of cause it is good to have it not human readable, but if somone has access to ur database there should be no way of keeping him from decripting (to few data per user, but all in the same format)

#3

I’m not really afraid of people getting access to my files.

I’m more afraid of some kind of SQL injection displaying the tables. If they do that I’m sure it will become apparent how to decript it.

In an attempt to get aound that I filter any input going into a query with this function.

[php]
function filter($string)
{
$bad_words = array(‘select’,‘update’,‘delete’,‘set’,‘or’);
$break_up = explode(" ",$string);
for($i = 0; $i < sizeof($break_up); $i++)
{
if(in_array($break_up[$i],$bad_words))
return false;
else
return true;
}
}[/php]

Right now my number is salted with random numbers in certain places to confuse anyone who gets the numbers.The key for 0fd02b80a4bdc78 is 4451009911111111.

Thanks for your response.

#4

mysql_real_escape_string shuold be used to awoid mysql-injection.

if the string is mysql-encoded, no content is able to do any mysql-invection anymore. ur filter function shouldn’t hurt, but is superfluous.

the “bad signs” are " and '. and to avoid them u have to use mysql_real_escape_string.

anyway ur function lacs to filter “Select”, “SELECT”, a.s.o. because in_array is case-sensitive

http://php.net/mysql_real_escape_string
http://php.net/in_array

#5

Thanks for your help, I’ll use mysql_real_escape_string instead.

anyway ur function lacs to filter "Select", "SELECT", a.s.o. because in_array is case-sensitive

I use strtolower to change the case before sending it to the function, sorry I left that out.

Thanks!

Sponsor our Newsletter | Privacy Policy | Terms of Service