using m2crypto to encrypt credit card numbers

gyromagnetic gyromagnetic at excite.com
Tue Jun 11 14:29:28 CEST 2002


Hi,
Managing keys is a fundamental problem with encryption. I would highly
recommend that you not store the credit card numbers at all. Instead,
store a (SHA, MD5) hash of the number, and then validate against the
hash.

-g


"Mark McEahern" <marklists at mceahern.com> wrote in message news:<mailman.1023748154.2706.python-list at python.org>...
> I'm considering using M2Crypto (http://www.post1.com/home/ngps/m2/) to
> encrypt credit card numbers.  My part of the problem starts when the credit
> card arrives at the web server.  I plan to encrypt it with a public key and
> send it to a database that the web server only has write access to.
>



More information about the Python-list mailing list