Storing a SIN number in MySQL

[jordanwb]

In a form that I made that is using HTTPS, one of the fields is for the Applicant and Co-Applicant's SIN numbers. Now I don't know how I'd go about encrypting them securely so that they cannot be obtained in a hacking. Any ideas as to storing SIN numbers safely?

 

I'll probably find something in two minutes. I always do.  :-\

[rhodesa]

depends on how you need to access them? you can always encrypt them with a one-way encryption using crypt(). But, you won't be able to read the SIN back. If someone provides the SIN again, you can find the matching record though. Just google for PHP user login tutorials and how to store passwords in a database....same concept

[jordanwb]

That's the thing though, one way encryption won't work. Someone posted a link of an encryption algorhythm that uses a key. But if someone hacks into the server the hacker could get the key and the algorhytym.

[rhodesa]

exactly, anything that isn't one-way is really just obfuscating it

[jordanwb]

That's true. So it doesn't really seem worth it to encrypt the SIN numbers.

[rhodesa]

That's true. So it doesn't really seem worth it to encrypt the SIN numbers.

 

um...that is up to you. obfuscation while not bullet-proof in any way shape or form, it is still a layer of protection. but, by obfuscating, it's adds an extra layer of complexity to your code...

[jordanwb]

um...that is up to you. obfuscation while not bullet-proof in any way shape or form, it is still a layer of protection. but, by obfuscating, it's adds an extra layer of complexity to your code...

 

Couldn't hurt. I'll add some obfuscation.

[fenway]

Look a the PCI compliance stuff for credit card numbers and CVVs.  Same idea.