Protecting Memory Secrets: Difference between revisions

Content added Content deleted
(Added Wren)
(added definitions/meanings of PAN and SAD)
Line 60: Line 60:
PCI Point-to-Point-Encryption (P2PE) Standard (v3.1) [https://docs-prv.pcisecuritystandards.org/P2PE/Standard/PCI-P2PE-v3_1-Standard.pdf PCI P2PE Standard] see requirements 2A-2.3 & 2B-1.5
PCI Point-to-Point-Encryption (P2PE) Standard (v3.1) [https://docs-prv.pcisecuritystandards.org/P2PE/Standard/PCI-P2PE-v3_1-Standard.pdf PCI P2PE Standard] see requirements 2A-2.3 & 2B-1.5


* has two types of secrets called PAN and SAD
* has two types of secrets called PAN (Primary Account Number) and SAD (Sensitive Authentication Data)
* don't secrets in working memory any longer than strictly necessary
* don't secrets in working memory any longer than strictly necessary
* developers should have secure coding traing for their langauge that includes managing sensitive data in memory
* developers should have secure coding traing for their langauge that includes managing sensitive data in memory
Retrieved from "https://rosettacode.org/wiki/Protecting_Memory_Secrets"