[PYTHON-CRYPTO] credit card encryption

Paul Rubin phr-pycrypt at nightsong.com
Wed Jun 12 04:28:10 CEST 2002 

    [Rich Salz]
    I believe that RSA is advocating RSA-KEM, but they're pretty much alone.
    The IETF, for example, is unconvinced that there is any real reason to
    replace OAEP.

When this has come up on sci.crypt, it's more like people don't see
much point to OAEP, and RSA-KEM is the main alternative I've seen
suggested.  Last I checked (6 months ago?), RSAS was advocating OAEP,
but that may have changed since then.

    > You're supposed to do this if you're processing a lot of transactions
    > or storing a lot of card numbers (like 100's of thousands).

    The primary reason security for using h/w crypto devices is that you can
    easily tell if it's been stolen, while you can't tell if someone's copied
    your private key stored on disk.

It's not just a matter of detecting someone deliberately copying your
secret key.  Key material is like toxic waste and it's very difficult
to keep it from leaking by accident in a hectic production environment
where there are constantly staff changes, emergency software patches,
sudden overnight bugouts of whole remote installations when the
hosting ISP goes bankrupt and shuts down with no notice (that actually
happened where I used to work and we're talking about truckloads of
equipment that had to be got out and brought to another site), backup
tapes with your key files on them that are supposed to go to offsite
storage but go to surplus dealers instead, etc.  Using hardware crypto
modules is contractually required in order to connect to some payment
networks and we were told we should be using them by the time we had
100,000 cards online.  The modules eliminate a lot of variables, which
is a good thing.

I'm a firm believer in crypto hardware and I sleep much easier when I
don't have any important private keys on general purpose computers.
The library I mentioned earlier tries to provide HSM-like
functionality as sort of a low-rent substitute for real HSM's.

  Performance can also be a reason, of course.

These days crypto hardware is generally slower than workstation
software except for maybe some specialized applications.  That's
especially true of lower cost devices, like the Java iButton which can
do about one RSA decryption per second (vs 100's per second for a
reasonably fast PC these days).

More information about the python-crypto mailing list