Quote:
Originally posted by The Hun
The credit card numbers are used for verification only, not to bill anybody. So the actual number doesn't have to be stored. There are checksums you can calculate which would be unique for every credit card number but are impossible to generate the original credit card number from. The checksum would be stored, not the original credit card number.
This was my only concern - since even if a company is legit, a hacker can still hold all the numbers as ransom - it has happened before.
But, your solution seems perfect - if you can't reverse the algorithm, then the checksum is fine - just like any user can see all the encrypted passwords on a box, but it doesn't mean anything since you can't reverse them.
BUT - passwords are made so they don't include common dictionary words, since a hacker can make a program that encrypts the data the same way as the password program does, and run it on a dictionary on his own computer - and if there's a match, boom! he has your password. This doesn't happen because on most boxes, using a password in a dictionary is illegal.
BUT credit card numbers are just numbers. It would be very easy to run through them all. Now that I think about it - why can't the same be done for passwords? Maybe because 62 possible combinations for each character is too many (26 upper case letters + 26 lower + 10 numbers), but for numbers, there are only 10 possibilities per character.
You would have to store the name and as much other information as possible to make this very difficult.
Just my 2 cents.
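The enumeration concern raised in the reply above, as an added example that is not part of the original posts: it compares the search spaces and audits whether a stored checksum survives enumeration. SHA-256, the known prefix, the `extra` field and all function names are assumptions made for illustration; the number used is a widely published test number.

```python
import hashlib
from itertools import product

TEST_NUMBER = "4111111111111111"  # widely published test number, not a real account

def luhn_check_digit(body: str) -> str:
    """Luhn check digit for a number given without its last digit."""
    total = 0
    for i, ch in enumerate(reversed(body)):
        d = int(ch) * 2 if i % 2 == 0 else int(ch)  # every second digit is doubled
        total += d - 9 if d > 9 else d
    return str((10 - total % 10) % 10)

def checksum(number: str, extra: str = "") -> str:
    """Unsalted one-way checksum; SHA-256 is an assumption, the post names none."""
    return hashlib.sha256((number + extra).encode()).hexdigest()

def keyspace(symbols: int, length: int) -> int:
    """Number of strings of the given length over an alphabet of `symbols`."""
    return symbols ** length

def enumerate_match(stored: str, known_prefix: str, length: int = 16, extra: str = ""):
    """Audit helper: hash every Luhn-valid number that starts with known_prefix.

    Returns (matching number or None, candidates tried).
    """
    free = length - len(known_prefix) - 1  # last digit is fixed by Luhn
    tries = 0
    for digits in product("0123456789", repeat=free):
        body = known_prefix + "".join(digits)
        candidate = body + luhn_check_digit(body)
        tries += 1
        if checksum(candidate, extra) == stored:
            return candidate, tries
    return None, tries

if __name__ == "__main__":
    print("16 digits:            ", keyspace(10, 16))
    print("16 digits, Luhn-valid:", keyspace(10, 15))
    print("16 chars of 62:       ", keyspace(62, 16))
    # Number-only checksum: found after a few thousand hashes.
    print(enumerate_match(checksum(TEST_NUMBER), "41111111111"))
    # Checksum that also covers a name (constructed) the auditor does not supply.
    print(enumerate_match(checksum(TEST_NUMBER, "Constructed Name"), "41111111111"))
```

The second call exhausts all candidates without a match, which is the effect the reply's suggestion of storing additional information with the number is aiming for.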