[PYTHON-CRYPTO] credit card encryption
Rich Salz
rsalz at DATAPOWER.COM
Wed Jun 12 04:09:45 CEST 2002
> For example, the original PKCS1 has been replaced with an "improved"
> PKCS1 which was replaced with OAEP which is now deprecated in favor of
> RSA-KEM. Use a scheme that's already been vetted, even PKCS1 (which
> has some theoretical weaknesses).
I believe that RSA is advocating RSA-KEM, but they're pretty much alone.
The IETF, for example, is unconvinced that there is any real reason to
replace OAEP.
> You're supposed to do this if you're processing a lot of transactions
> or storing a lot of card numbers (like 100's of thousands).
The primary reason security for using h/w crypto devices is that you can
easily tell if it's been stolen, while you can't tell if someone's copied
your private key stored on disk. Performance can also be a reason, of
course.
Your other advice is all quite good.
/r$
More information about the python-crypto
mailing list