My company has a project where we are required to extract credit-card numbers from the database. I was wondering if anybody could tell me what IV (initialization vector) is used by Magento when it encrypts the credit card number?
Magento uses Mage_Model_Encrypt which uses Varien_Crypt for encryption and decryption.
Varien_Crypt uses by default MCRYPT_BLOWFISH.
The encryption key is stored in global/crypt/key and is set up during the installation (you can define your own one, if not magento uses md5(mt_rand()) to generate a secure key).
To encrypt stored data you can simply use Mage::getSingleton(’core/encryption’)->decrypt($string);
