Posted by Todd H. on March 25, 2008, 10:17 pm
> I'm building a CGI eCommerce store and I'm looking for ways to create
> a decent 2 way encryption. Of course in a scripted language, I don't
> want my key in the script itself, but would rather store it somewhere
> obfuscated such as in a compiled C++ binary. (I know it doesn't help -
> much-, but defense in layers)
>
> A .NET programmer friend of mine uses a method that involves
> generating a hash from the Volume ID of the hard drive to use as a
> key. I like this approach, but am wary of hardware/software changes
> that will break my key.
>
> Am I going about this the correct way? Is there a better method for
> creating a decently secure 2 way encryption using a scripted language?
>
> Any help is very much appreciated. Thanks.
The path to hell is paved with such intentions. :-)
You may get a lot of mileage out of the OWASP Guide to web
application security, specifically this chapter:
http://www.owasp.org/index.php/Cryptography
More generally:
http://www.owasp.org/index.php/Guide_Table_of_Contents
Best Regards,
--
Todd H.
http://www.toddh.net/