[PYTHON-CRYPTO] credit card encryption

Rich Salz rsalz at DATAPOWER.COM
Wed Jun 12 04:09:45 CEST 2002


> For example, the original PKCS1 has been replaced with an "improved"
> PKCS1 which was replaced with OAEP which is now deprecated in favor of
> RSA-KEM.  Use a scheme that's already been vetted, even PKCS1 (which
> has some theoretical weaknesses).

I believe that RSA is advocating RSA-KEM, but they're pretty much alone.
The IETF, for example, is unconvinced that there is any real reason to
replace OAEP.

> You're supposed to do this if you're processing a lot of transactions
> or storing a lot of card numbers (like 100's of thousands).

The primary security reason for using h/w crypto devices is that you can
easily tell if it's been stolen, while you can't tell if someone's copied
your private key stored on disk.  Performance can also be a reason, of
course.

Your other advice is all quite good.
        /r$




