Forum: Ruby encryption (of credit cards)

Announcement (2017-05-07): www.ruby-forum.com is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see rubyonrails.org/community and ruby-lang.org/en/community for other Rails- und Ruby-related community platforms.
38a8230ed3d5c685558b4f0aad3fc74b?d=identicon&s=25 Joe Van Dyk (Guest)
on 2007-07-31 11:36
(Received via mailing list)
http://monkeycharger.googlecode.com/svn/trunk/app/...

Ignore the fact that it's a ActiveRecord model and tell me if the
encryption that I'm using for encrypting the credit card numbers is
reasonable.  Did I screw anything up?

What would you change?  I imagine I could generalize out the
encryption bits, right?

Thanks,
Joe
38a8230ed3d5c685558b4f0aad3fc74b?d=identicon&s=25 Joe Van Dyk (Guest)
on 2007-07-31 12:58
(Received via mailing list)
On Jul 31, 2:32 am, Joe Van Dyk <joevan...@gmail.com> wrote:
> http://monkeycharger.googlecode.com/svn/trunk/app/...
>
> Ignore the fact that it's a ActiveRecord model and tell me if the
> encryption that I'm using for encrypting the credit card numbers is
> reasonable.  Did I screw anything up?
>
> What would you change?  I imagine I could generalize out the
> encryption bits, right?

One alternative I came up with is to use some combination of a unique
user id, the credit card's cvv, and a secret key on the server for
encrypting the credit card number.  So, whenever you wanted to
authorize a card, you had to provide the unique user id and the CVV
for the card.  I figure that would make a bit safer.
This topic is locked and can not be replied to.