Re: Re: CC encryption in Bazaar, needs testing

#1 Tue, 02/05/2008 - 13:31

Posts: 1228
Joined: 08/14/2007

bmagistro: I would use a full local path to the folder, and make sure you have chmod 775 that folder.

Ryan, here's my only concern. The encryption works great but, when I look in the database, it looks like the encrypted strings are the same length as the unencrypted version. For example, "Visa" comes up as N(cx and "Mastercard" comes up as GZ`OB4.Lo7 (these are not the real unencrypted strings). Notice that the second string is 10 characters, the same length as the word "Mastercard".

I'm not a security, encryption or cryptology expert, but it seems like if I gave someone who was a 4-letter string and they knew that it was a "Card type".. it's not difficult to figure out which card type is which. It seems reasonable enough that a person with enough resources, computing power, and time on their hands (and they are out there) would be able to figure out the encryption scheme from at least those two examples.

I might be making something out of nothing, but I think the encryption should be stronger than that. Dummy characters or something... Just my two cents, of course.

"Pain don't hurt." - Dalton

Mike Nelson's RiffTrax! www.rifftrax.com

CC encryption in Bazaar, needs testing By: Ryan (19 replies) Wed, 01/23/2008 - 16:18

Re: CC encryption in Bazaar, needs testing By: bmagistro (06/03/2008 - 15:56)
Help By: cdeverapalli (03/09/2008 - 16:53)
- Re: Help By: bobwm (06/03/2008 - 14:21)
  - Re: Re: Help By: Ryan (06/03/2008 - 15:01)
    - Postgres functions By: bobwm (06/03/2008 - 20:03)
      - Re: Postgres functions By: Ryan (06/04/2008 - 09:20)
    - Ryan wrote:Hey Bob, I'm glad By: bobwm (06/03/2008 - 19:01)
Re: CC encryption in Bazaar, needs testing By: lostcarpark (02/06/2008 - 20:28)
- Re: Re: CC encryption in Bazaar, needs testing By: Ryan (02/06/2008 - 23:33)
  - Re: Re: Re: CC encryption in Bazaar, needs testing By: TR (03/04/2008 - 17:24)
    - Re: Re: Re: Re: CC encryption in Bazaar, needs testing By: torgosPizza (03/04/2008 - 17:50)
    - TR, Yes, as I see it, the By: TCS (03/04/2008 - 17:49)
Re: CC encryption in Bazaar, needs testing By: bmagistro (01/31/2008 - 16:51)
- Re: Re: CC encryption in Bazaar, needs testing By: torgosPizza (02/05/2008 - 13:31)
  - Re: Re: Re: CC encryption in Bazaar, needs testing By: Ryan (02/05/2008 - 14:03)
    - Re: Re: Re: Re: CC encryption in Bazaar, needs testing By: torgosPizza (02/05/2008 - 14:51)
      - Re: Re: Re: Re: Re: CC encryption in Bazaar, needs testing By: Ryan (02/05/2008 - 15:22)
        Re: Re: Re: Re: Re: Re: CC encryption in Bazaar, needs testing By: torgosPizza (02/05/2008 - 15:56)
Re: CC encryption in Bazaar, needs testing By: torgosPizza (01/23/2008 - 17:44)

	Ubercart Affiliates
	Find payment and hosting services in our Affiliate Directory that support Ubercart development.

	User login
	Username: * Password: * Create new account Request new password

	Fast Invoicing
	We use and recommend FreshBooks for project time tracking and client invoicing.

	Support WiFi 2.0
	We support Free and Open access to unused airwaves. If you agree, please consider signing the petition.

Ubercart

Re: Re: CC encryption in Bazaar, needs testing

Navigation

Ubercart Affiliates

User login

Fast Invoicing

Support WiFi 2.0