Security Basics mailing list archives
Re: Database Encryption and PCI issue.
From: Ansgar -59cobalt- Wiechers <bugtraq () planetcobalt net>
Date: Tue, 12 Feb 2008 16:27:52 +0100
On 2008-02-12 m.farid.shawara () gmail com wrote:
We are in our way to have a PCI DSS complaint - and we are facing a challenge to have encryption with our Database Systems. The problem is that the Application we are using is using the PIN as a primary key in the DB tables - and this will make it very hard to encrypt the PIN columns ...
Why do you need to store the PINs instead of (salted) hashes thereof? Regards Ansgar Wiechers -- "All vulnerabilities deserve a public fear period prior to patches becoming available." --Jason Coombs on Bugtraq
Current thread:
- Database Encryption and PCI issue. m.farid.shawara (Feb 12)
- Re: Database Encryption and PCI issue. Ansgar -59cobalt- Wiechers (Feb 12)
- <Possible follow-ups>
- Database Encryption and PCI issue. Mohamed Farid (Feb 12)
- Re: Database Encryption and PCI issue. Taras Ivashchenko (Feb 12)
- RE: Database Encryption and PCI issue. m.farid.shawara (Feb 13)
- RE: Database Encryption and PCI issue. Craig Wright (Feb 13)
- RE: Database Encryption and PCI issue. Craig Wright (Feb 12)
- Re: Database Encryption and PCI issue. Taras Ivashchenko (Feb 12)
- Re: Database Encryption and PCI issue. amatachick (Feb 13)