Posting in the Magento forums has been disabled pending the implementation of a new and improved forum solution which should better serve the community.

For new questions please post at magento.stackexchange.com, the community-run support site for the Magento community. We will be providing updates on the new forum solution soon. For questions or concerns please email community@magento.com.

Magento Forum

IV For Blowfish CC Encryption
 
vincentmfedorc
Jr. Member
 
Total Posts:  1
Joined:  2011-02-24
 

Hi, and thanks for reading!

My company has a project where we are required to extract credit-card numbers from the database.  I was wondering if anybody could tell me what IV (initialization vector) is used by Magento when it encrypts the credit card number?

Thanks in advance for any help smile
- Vince

 
Magento Community Magento Community
Magento Community
Magento Community
 
thebod
Moderator
 
Avatar
Total Posts:  81
Joined:  2010-08-11
 

Magento uses Mage_Model_Encrypt which uses Varien_Crypt for encryption and decryption.
Varien_Crypt uses by default MCRYPT_BLOWFISH.

The encryption key is stored in global/crypt/key and is set up during the installation (you can define your own one, if not magento uses md5(mt_rand()) to generate a secure key).

To encrypt stored data you can simply use Mage::getSingleton(’core/encryption’)->decrypt($string);

 
Magento Community Magento Community
Magento Community
Magento Community
Magento Community
Magento Community
Back to top