Re: Re: Re: Encrypting cc_number in uc_payment_credit table.

#1 Wed, 10/31/2007 - 12:22

Posts: 1300
Joined: 08/14/2007

Okay, I threw the crypt / decrypt files onto my server. Check them out here:

http://shop.rifftrax.com/crypt.php
http://shop.rifftrax.com/decrypt.php

For testing values I'm using a bogus card number: 4111222233331234
This value is stored in the first line of crypt.php for the time being.

You can refresh the page and find random hashes for the card number (or whatever number you like stored in the $cc_num variable - hard coded for this test) and then plug the Base64 encode of the md5-block-cipher style encoded value (all 88 characters including the trailing periods) into the form field, and hit decrypt. Voila! You're back to the bogus card number.

(The secret is the passphrase that needs to be stored in a central location somewhere).

I can PM you the code if you want, I'm not sure I want to post it in the open forum.

Erik

UPDATE: Added the last four digits version of the card. You can paste that encoded value into the decryption form and it will return the correct value as well.

"Pain don't hurt." - Dalton

Mike Nelson's RiffTrax! www.rifftrax.com

Encrypting cc_number in uc_payment_credit table. By: torgosPizza (16 replies) Tue, 10/30/2007 - 18:49

Encryption of Customer Data By: DeskRocket (11/30/2007 - 00:39)
Yes this is an issue By: deanj200 (11/10/2007 - 16:11)
- Re: Yes this is an issue By: lostcarpark (11/13/2007 - 17:43)
Secure the database By: Lyle (10/31/2007 - 10:02)
Re: Encrypting cc_number in uc_payment_credit table. By: torgosPizza (10/30/2007 - 19:29)
- Don't Save CC Numbers, Even at Checkout By: ChrisAlbrecht (11/29/2007 - 12:48)
  - Clearing out CC numbers upon unsuccessful order By: mmwebdev (01/20/2008 - 20:31)
    - Re: Clearing out CC numbers upon unsuccessful order By: torgosPizza (01/21/2008 - 00:41)
      - Re: Re: Clearing out CC numbers upon unsuccessful order By: Ryan (01/21/2008 - 17:02)
        Re: Re: Re: Clearing out CC numbers upon unsuccessful order By: torgosPizza (01/21/2008 - 17:17)
        Re: Re: Re: Re: Clearing out CC numbers upon unsuccessful order By: Ryan (01/22/2008 - 12:04)
        Re: Re: Re: Re: Re: Clearing out CC numbers upon unsuccessful or By: torgosPizza (01/22/2008 - 12:40)
        Re: Re: Re: Re: Re: Re: Clearing out CC numbers upon unsuccessfu By: Ryan (01/24/2008 - 10:23)
- Re: Re: Encrypting cc_number in uc_payment_credit table. By: Ryan (10/31/2007 - 09:22)
  - Re: Re: Re: Encrypting cc_number in uc_payment_credit table. By: torgosPizza (10/31/2007 - 12:22)
- Storing CC numbers... By: dougdagaz (10/30/2007 - 21:51)

	Drupalcon DC
	Vote now to learn more about Ubercart in these sessions: Ubercart on Drupal 6 Advanced Ubercart Usage Starting Your Own Ubercart Store

	Ubercart Affiliates
	Find payment and hosting services in our Affiliate Directory that support Ubercart development.

	User login
	Username: * Password: * Create new account Request new password

	Fast Invoicing
	We use and recommend FreshBooks for project time tracking and client invoicing.

Ubercart

Re: Re: Re: Encrypting cc_number in uc_payment_credit table.

Navigation

Drupalcon DC

Ubercart Affiliates

User login

Fast Invoicing