Firstly, don't store cc info longer than you need to.
A technique that I have used before is to generate public & private keys. Encrypt (e.g. DESWithMD5) the private key with a long passphrase (*not* password) and for extra security, store it on an inaccessible machine. The passphrase should be at least 20 (maybe even more) characters otherwise the password won't have enough entropy to be useful.
In your server process, for each new encryption generate a new symmetric key (e.g. 3DES) and encrypt the credit card info with the symmetric key, then encrypt the symmetric key with the public key. Store both the cc info and the encrypted symmetric key in the DB. (It is important to have the intermediate step because CC numbers often start with the same digits.)
Now, when you start your offline process or any program that needs to access the cc info (preferably on another machine), you'll need to specify the passphrase for the secret key, so that the secret key can be decrypted.
I agree. The time has come to only use whitelists.
What I've always wondered though, is what happens if both the sender and the recipient have a TMDA installed, and they have never sent an email to one another before?
Does the sender's TMDA block the authorisation request from the recipient's TMDA? Is there a "special" address that TMDA is sent from, and the sender allows email from the TMDA of the recipient if it comes through this address? If so, then what is to stop spammers using this "special" address?
Microsoft has a history of taking a nice, simple technology and fucking it up by making it inelegant and incompatible.
C# is no exception.
I am starting to think that perhaps the purpose is not to be incompatible to lock ppl into Windows, rather that they have some strange breed of ppl who know no better than to make some real ugly shit. One rotten apple spoils the barrel, I guess.
They don't get it, do they? It's almost like a physical law that governs the universe. There ain't nothing that they can do to stop some bored teenager being able to turn the format back into .mp3, .ogg or whatever.
Actually, I don't think he did much for AI, except for the Turing test, which is more of a philosophical theory.
More accurately he is the father of Computing Science and he developed the "Turing machine" -- basically the simplest model of a machine necessary to compute anything that is computable. He also determined what is computable by a machine and what is not computable, e.g. the halting problem.
Come on, what are the real advantages of XP that the average user would notice?
Surely going one step closer to a subscription-based model where Microsoft restricts what you can read, listen to etc. and generally fucks you over is not an advantage?
It was regular compression that made it 20 bytes. With ASN.1 it was ~2 bytes. Anyway, these numbers don't mean anything when it's mentioned so flippantly without the actual original XML.
Re:ok, this is just plain wrong on Homebrew S/ADSL · Score: 1
It continually amazes me how these types of articles appear every couple of weeks and the same responses arise. It is getting so predictable it is getting boring.
Granted there are some thoughtful and informative answers. But these generally degrade into "Java sucks", "Java is slow and bloated", "C++ sucks", "C is the only real language", "real programmers..." blah blah blah, in the subsequent replies.
Et Voila!
You are the fool if you try to April fool after midday. Perhaps this ain't so in America?
You're right, what side is this shithead on anyway?
You're either with us or against us.
Kinda feel sorry for them
You missed the obvious one "tits".
Oh well, just doing my bit.
RealPlayer 8 is available for Linux (I am listening to BBC World radio right now on MDK 8.0).
Why do people feel so compelled to upgrade?
No one is forcing you.
This is not a troll, change it to funny.
For fuck's sake, can we progress a little?
Check out http://www.dropbear.trav.net/ the official drop bear site.