using m2crypto to encrypt credit card numbers
Mark McEahern
marklists at mceahern.com
Tue Jun 11 09:05:17 EDT 2002
[gyromagnetic]
> Managing keys is a fundamental problem with encryption. I would highly
> recommend that you not store the credit card numbers at all. Instead,
> store a (SHA, MD5) hash of the number, and then validate against the
> hash.
I'm not using the credit card number to validate--that's what the password
is for. (I don't store the password, but a hash of it.) I'm using the
credit card number to collect payment.
If I don't store the credit card number, how do I send it to the payment
processor to collect payment?
// mark
-
More information about the Python-list
mailing list