in reply to
Encrypting Credit card numbers
I freely admit that I have no experience encrypting sensitive data, but as I read through the responses on this thread, a rather queer idea occurred to me:
Would would everyone think of a system whereby the user chooses a password when then enter their CC#. On the server, that password in encrypted using crypt() or some similar one-way encryption, and then the line of gibberish
that is the encrypted password is used as the key for the encryption on the actual CC#. That way, the numbers can be stored on the server, while the keys aren't.
Would something like this work?
Use of this advanced computing technology does not imply an endorsement
of Western industrial civilization.