Friday, March 2, 2007

Encryption Mistakes, masterpiece by Chuvakin

Anton Chuvakin wrote a masterpiece about the most common mistakes regarding data encryption. They are:

- Not encrypting when it's easy and accepted
- Creating your own encryption
- "Hard-coding" secrets
- Storing keys with the encrypted data
- Not handling data recovery (or "where are those f* keys????")

I think that every professional responsible for PCI compliance projects needs to read it. Encryption is not that silver bullet you're looking for (in fact, I hope you're not looking for one!).