WebApp Sec mailing list archives
storing SSNs, CCNs, password in the DB
From: "Francesco" <francesco () blackcoil com>
Date: Sun, 27 Feb 2005 14:32:12 -0800
What is the most secure way to store SSNs, CCNs, and passwords in the DB? Is this a good general policy? 1. If you need to be able to read the data back, the encrypt/decrypt with something like TDES, storing the keys in the registry. 2. If you don't need to read the data back and you just need to compare, then hash/salt with SHA1, storing the hash and salt in the DB. Francesco
Current thread:
- RE: ISA Server and SQL Injection, (continued)
- RE: ISA Server and SQL Injection Roberto GABERGI (Feb 17)
- RE: ISA Server and SQL Injection Jeff Robertson (Feb 17)
- Re: ISA Server and SQL Injection Matthieu Estrade (Feb 17)
- RE: ISA Server and SQL Injection Sebastien Deleersnyder (Feb 19)
- Re: ISA Server and SQL Injection Matthieu Estrade (Feb 19)
- RE: ISA Server and SQL Injection Ofer Shezaf (Feb 21)
- RE: ISA Server and SQL Injection Mark Curphey (Feb 21)
- Solutions, Results, and Comments - Was [ISA Server and SQL Injection] Jeremiah Grossman (Feb 23)
- Re: Solutions, Results, and Comments - Was [ISA Server and SQL Injection] David (Feb 23)
- Re: Solutions, Results, and Comments - Was [ISA Server and SQL Injection] Jeremiah Grossman (Feb 28)
- storing SSNs, CCNs, password in the DB Francesco (Feb 28)
- Re: storing SSNs, CCNs, password in the DB Adam Shostack (Feb 28)
- Re: storing SSNs, CCNs, password in the DB Francesco (Feb 28)
- Re: storing SSNs, CCNs, password in the DB Andrew van der Stock (Mar 01)
- Re: storing SSNs, CCNs, password in the DB Paul Johnston (Mar 01)
- Re: storing SSNs, CCNs, password in the DB Joseph Miller (Mar 01)
- Re: ISA Server and SQL Injection Matthieu Estrade (Feb 19)
- Re: storing SSNs, CCNs, password in the DB Alvin Oga (Mar 01)
- Re: Solutions, Results, and Comments - Was [ISA Server and SQL Injection] Jeff Williams (Feb 28)
- Re: Solutions, Results, and Comments - Was [ISA Server and SQL Injection] Jeremiah Grossman (Mar 01)
- Re: Solutions, Results, and Comments - Was [ISA Server and SQL Injection] Jeff Williams (Mar 01)
- Re: Solutions, Results, and Comments - Was [ISA Server and SQL Injection] Jeremiah Grossman (Mar 01)