Oracle Transparent Database Encryption is a method of rendering the whole database or its columns encrypted. If the key management is done properly, that is the keys are managed through an independent method, Oracle TDE can render databases with card information unreadable very easily in PCI DSS compliant method. See how.
Hashing is one of the methods to render credit card data unreadable. An introduction to hashing using SHA-1 is explained. MD5 is another common algorithm. However please note that MD5, and SHA-1 are considered weak hashing methods. SHA-256 is currently a safe hashing method. An animation on SHA-1
Symmetric Encryption work with common keys. However common keys themselves cannot be transported as they are very sensitive. Common keys have to be generated independently by sender and receiver. This is accomplished through key exchange. There are 2 methods to do a Key Exchange. DH(Deffie Hellman), and RSA. As per PCI DSS 1024 bits or more key lengths for DH or RSA is needed. Internet Encryption SSL uses both DH and/or RSA for Key Exchange, to agree on 128 or 256 bit common key (SSL 128 or SSL 256). DH is explained in this presentation. Also explained is AES again.
AES Algorithm is a PCI DSS preferred and permitted cryptographic symmetric key algorithm. 256 bits key length is preferred though 128 bits is acceptable. A beautiful visualization under the hood on how AES algorithm works.
A layman introduction to Public and Private keys.
Hashing is one of the permitted methods under PCI DSS to render card data unreadable. This presentation explains the basics of Hashing. Permitted hashing algorithms change, so please keep an eye of PCI Security Standards Council for latest guidelines on hashing.
In this video tennis balls are used to explain encryption without any jargons.
Under PCI DSS requirement 4, card data must travel in public network encrypted. SSL is an approved method. This video gives an introduction to SSL.
Twitter