No such thing as a small change
I freely admit that I have no experience encrypting sensitive data, but as I read through the responses on this thread, a rather queer idea occurred to me:
What would everyone think of a system whereby the user chooses a password when they enter their CC#? On the server, that password is encrypted using crypt() or some similar one-way encryption, and then the line of gibberish that is the encrypted password is used as the key for the encryption on the actual CC#. That way, the numbers can be stored on the server, while the keys aren't.
Would something like this work?
Use of this advanced computing technology does not imply an endorsement
of Western industrial civilization.
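
The scheme proposed in the post above, as an added example that is not part of the original post: the key is derived from the user's password and never written to storage, so the server can decrypt only while the user supplies the password. It swaps crypt() for scrypt with a per-record salt and assumes AES-256-GCM as the cipher; the function names, cost parameters and sample card number are constructed for illustration. If the same derived value were also stored for login checks, the key would be on the server after all.

```javascript
const crypto = require('node:crypto');

// scrypt cost parameters (assumed values for this example).
const KDF_PARAMS = { N: 16384, r: 8, p: 1 };

// Derive a 256-bit key from the password; the key itself is never stored.
function deriveKey(password, salt) {
  return crypto.scryptSync(password, salt, 32, KDF_PARAMS);
}

// Encrypt a card number. The returned record is all the server keeps:
// salt, nonce, ciphertext and authentication tag, but no key and no password.
function sealCard(password, cardNumber) {
  const salt = crypto.randomBytes(16);
  const nonce = crypto.randomBytes(12);
  const key = deriveKey(password, salt);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, nonce);
  const ct = Buffer.concat([cipher.update(cardNumber, 'utf8'), cipher.final()]);
  const tag = cipher.getAuthTag();
  key.fill(0); // drop the key material as soon as it has been used
  return {
    salt: salt.toString('hex'),
    nonce: nonce.toString('hex'),
    ct: ct.toString('hex'),
    tag: tag.toString('hex'),
  };
}

// Decrypt a stored record. Returns null when the password is wrong or the
// record was modified, because the GCM tag check fails in both cases.
function openCard(password, record) {
  const key = deriveKey(password, Buffer.from(record.salt, 'hex'));
  const decipher = crypto.createDecipheriv(
    'aes-256-gcm', key, Buffer.from(record.nonce, 'hex'));
  decipher.setAuthTag(Buffer.from(record.tag, 'hex'));
  try {
    const pt = Buffer.concat([
      decipher.update(Buffer.from(record.ct, 'hex')), decipher.final()]);
    return pt.toString('utf8');
  } catch (err) {
    return null;
  } finally {
    key.fill(0);
  }
}

// Constructed sample input: a well-known test card number, not a real one.
const stored = sealCard('correct horse battery', '4111111111111111');
console.log('stored fields:', Object.keys(stored).join(', '));
console.log('wrong password ->', openCard('guess', stored));
```

The strength of the stored records is bounded by the strength of the password, since anyone holding a copy of the database can test guesses offline at the cost of one scrypt call each.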