Strength of Log On security

    Strength of Log On security

    Out of curiosity, what is the strength of the log on and credit card encryption used to encipher the details? Not that I am going to generate random prime numbers to try and crack it or anything.


    Bikster
    SellerDeck Designs and Responsive Themes

    #2
    I dug this out - according to Actinic it's 128 bit:
    http://www.actinic.co.uk/faqs/faq06.htm#1



      #3
      I think that relates more to the actual online security reading between the lines.

      Wondering if the default password (or when changed) forms part of some public key cipher based around the security key?


      Bikster
      SellerDeck Designs and Responsive Themes



        #4
        Hi Jont,

        I've asked development for you. Will post back as soon as they let me know.
        ********************
        Tracey
        SellerDeck



          #5
          We are using several different methods to provide secure handling of sensitive data.

          The account passwords are not stored online. Therefore they do not need very strong encryption. We are using a mixture of message digest algorithms to secure the login.

          The order details are a bit more sensitive and stored on the server for a while, therefore we are using a symmetric algorithm to encrypt the data. The key length is 128 bit here.

          The credit card details, when captured on the server, are handled more carefully by encrypting with an asymmetric algorithm before they go under the symmetric encryption of the order data. The key length depends on the server configuration. When the old Java applet is used or the ActEncrypt1024 Perl module is installed on the server, the key length used is 1024 bit. Our shared SSL service is also using 1024 bit. Otherwise we are using 128 bit for performance reasons (it would take ages for pure Perl code to do the 1024 bit encryption).

          I hope it helps.
          Zoltan
          Actinic Software
          www.actinic.co.uk
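The layering described in post #5, as an added example that is not part of the thread and not Actinic's code: the card number is encrypted to the merchant's public key first, then the whole order goes under a 128-bit symmetric key, so the server-side key alone never reveals the card. RSA-OAEP, AES-128-GCM, the 2048-bit RSA size and every type and function name are assumptions, since the thread names no algorithms.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/json"
	"fmt"
)

type Order struct{ Item string; Card []byte }    // hypothetical record; Card holds RSA-OAEP ciphertext
type Sealed struct{ Nonce [12]byte; Box []byte } // hypothetical container; Box is the AES-GCM output
func NewMerchantKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

// SealOrder is the web-server side: it holds only the public key and the AES key.
func SealOrder(pub *rsa.PublicKey, a cipher.AEAD, item, card string) (s Sealed, err error) {
	inner, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, []byte(card), nil)
	if _, rerr := rand.Read(s.Nonce[:]); err != nil || rerr != nil {
		return s, fmt.Errorf("sealing order: rsa=%v rand=%v", err, rerr)
	}
	plain, _ := json.Marshal(Order{Item: item, Card: inner})
	s.Box = a.Seal(nil, s.Nonce[:], plain, nil)
	return s, nil
}

// OpenOrder removes the symmetric layer only; o.Card is still encrypted afterwards.
func OpenOrder(a cipher.AEAD, s Sealed) (o Order, err error) {
	plain, err := a.Open(nil, s.Nonce[:], s.Box, nil)
	if err == nil {
		err = json.Unmarshal(plain, &o)
	}
	return o, err
}

// OpenCard needs the private key, which never has to be on the web server.
func OpenCard(priv *rsa.PrivateKey, o Order) (string, error) {
	card, err := rsa.DecryptOAEP(sha256.New(), nil, priv, o.Card, nil)
	return string(card), err
}

func main() {
	priv, _ := NewMerchantKey()               // thread mentions 1024 bit; 2048 assumed here
	blk, _ := aes.NewCipher(make([]byte, 16)) // constructed all-zero 128-bit demo key
	a, _ := cipher.NewGCM(blk)
	s, _ := SealOrder(&priv.PublicKey, a, "widget", "4111 1111 1111 1111")
	o, _ := OpenOrder(a, s)
	fmt.Println(OpenCard(priv, o))
}
```

Whoever holds only the symmetric key gets the order fields but sees `Card` as RSA ciphertext; the card number appears only where the private key is.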



            #6
            Originally posted by zmagyar
            encrypting with an asymmetric algorithm before it goes under the symmetric encryption of the order data.
            Cheers Zoltan - wondered how the key was being used to encrypt - understand now as a 2 stage process is being used.


            Bikster
            SellerDeck Designs and Responsive Themes



              #7
              OpenSSL on Debian Linux

              If anyone cares about such things .....

              Recent reports show a flaw in OpenSSL on Debian Linux with the random number (used in part to generate the large factored primes) not being entirely random! Leaving the numbers open to brute force attacks.


              Bikster
              SellerDeck Designs and Responsive Themes
