cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Mdevaraj
Newcomer I

Payment card Security updates & news

Find all answers to security requirements from Payment Card industry , new updates , releases & changes from Payment Card Industry  .PCI Security Standards.jpg

4 Replies
MBiamonte77
Viewer

Anybody else wrestling with the deprecation of SHA1?   We just successfully completed an application change that allows the matching hash algorithm to be client-specific, via configuration, as a key step toward conversion - so that we could convert one client at a time.  Lot’s of clever ideas brought together by the team to minimize disruption on a massive update of these key matching fields.

Mdevaraj
Newcomer I

Sounds Good , most of the trusted browser deprecated the use of SHA-1 support . Test your SSL using the below to understand the Grade of your SSL , supported cipher suites . 

 

https://www.ssllabs.com/ssltest/index.html

 

 

Mdevaraj
Newcomer I

Do share one the best ideas that you feel was really great , one which really simplified the journey of migration from X to Y .  

MBiamonte77
Viewer

Two key ideas minimized disruption.   The core application functions that hash card numbers were modified to take a new parameter - which hash algorithm to use.  (We had some older clients using a hard coded SHA1, and some newer clients using a hard coded 256 - on a “Version 2” core code base).  

 

With each client’s new parameter set to the existing value (SHA1 or SHA256), the code change was launched (2 lines of code: 300+ test cases) but ... no data was changed.  We did this so that we could “flip the switch” (to 512) one client at a time.  It took a couple of hours of down time (2 am - 4am) to validate the code changes, but - at least - no data updates were needed now.

 

The actual conversion of each client (one at a time) took less than a minute of down time, accomplished by precomputing a completely new table, and doing a table rename along with the publish of the parameter change.