RSA implementation, please comment.



Hi All;
I've come up with a solution and I'd like some feedback on whether or
not it is secure.

SYNOPSIS: Is Crypt::RSA secure acceptable in open source if the
private key password is in a browser cookie?

DETAILS:
We're running a pretty basic LAMPS system with MySQL 5.1 and Perl 5.8.
The client asked me to devise "a secure way to save credit card
numbers in the sales database". Every paper I've read recommends
saving the card numbers off site or not at all, but in this case the
client is a middle-man who collects the sales information
(including card numbers) in one place, and needs to pull up the entire
customer record including card data in a back-office setting using a
secure server.

Most encryption and decryption schemas I came up with had the same
problem -- open source. Any method that would encrypt the data in
MySQL and be decrypted by Perl could be read if someone were to gain
access to the server. The MySQL login script could also be read in
open source, so I feared that no matter how well we encrypted the
data, a hacker would only have to follow the script to gain access to
thousands of card numbers.

The staff members will be opening hundreds of orders per day, and they
need the encryption to be fast and transparent with no inconvenience
at all to the legitimate users.

Here is the solution I came up with:

1. Using Crypt::RSA I created a 256 bit public and private key with a
63 character password. Both keys are saved on the server, but the
password is not.
2. The credit card number is a blob field. When a new order is
entered, it is encrypted with the public key and saved.
3. Authorized users will use a JavaScript page to set a cookie with
the private key's password. It will be a session only cookie, which is
removed automatically when the user logs out of the database
interface.
4. If the cookie is present, the script will use its value to open the
private key and display the card info. Otherwise, it only displays
************.

I believe that this solution is secure because the private key
password is never saved on the server. A hacker would have to gain
access to an authorized user's PC to gain the password. I am not sure
how difficult it is to crack a 256 bit private key with a 63 character
pass. There is plenty of documentation on how hard it is to brute
force the entire key, but not much I could find on the password.

If you can see a security hole with this method, please reply.
Thanks,
Rob
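
Added example, not part of the original post: step 1 keeps the public key on the server and relies on the passphrase that wraps the private key. The Python sketch below uses a constructed toy modulus and textbook (unpadded) RSA, both assumptions chosen to keep it fast, to show that when the modulus is small enough to factor, the private exponent follows from the public key alone and the passphrase never enters the picture.

```python
import math

# Constructed toy key (assumption): two known Mersenne primes, ~92-bit modulus.
P, Q, E = 2**31 - 1, 2**61 - 1, 65537
N = P * Q  # (N, E) is the public key, which the scheme stores on the server


def encrypt(m, n=N, e=E):
    """Textbook RSA without padding; enough to show the key-size point."""
    return pow(m, e, n)


def pollard_rho(n):
    """Return a non-trivial factor of composite n (Pollard's rho, Floyd cycle)."""
    if n % 2 == 0:
        return 2
    for c in range(1, 50):          # retry with another polynomial on failure
        x = y = 2
        d = 1
        while d == 1:
            x = (x * x + c) % n     # tortoise: one step
            y = (y * y + c) % n     # hare: two steps
            y = (y * y + c) % n
            d = math.gcd(abs(x - y), n)
        if d != n:
            return d
    raise ValueError("no factor found")


def private_exponent_from_public(n, e):
    """Derive d from (n, e) only; no key file or passphrase is consulted."""
    p = pollard_rho(n)
    q = n // p
    return pow(e, -1, (p - 1) * (q - 1))


def recover(ciphertext, n=N, e=E):
    return pow(ciphertext, private_exponent_from_public(n, e), n)


if __name__ == "__main__":
    card = 4111111111111111         # constructed test card number
    print(recover(encrypt(card)) == card)
```

The protection of the stored ciphertext is bounded by the modulus size, so the passphrase length only matters once the modulus itself is large enough (2048 bits or more by current guidance) and a padding scheme is used.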