Encryption


RichH
Aug 13th, 2001, 04:53 AM
On my web site a user enters their credit card details. It is then transmitted with SSL to the server. What I then want to do is encrypt the data so I can email it to the accounts dept. What I need is an algorithm to encrypt the data. I was going to do this by having a DLL on the server to encrypt and an application in accounts to decrypt. Any ideas what I should use? I'm not sure public-private keys are that relevant as the algorithm will only be executed on the server/local workstation.

jim mcnamara
Aug 13th, 2001, 06:37 PM
Just use WinZip or PKZip with encryption, and a password if you're really paranoid.

Both have command line processors that you can Shell to from VB to create the zip archive. For WinZip you have to have the Windows version installed, then add on the command line bit.
PKZip distributes both packages as standalone items.

We use simple four letter passwords like 'coke' or 'beer'.
Users like that.

RichH
Aug 14th, 2001, 12:47 AM
Wouldn't those passwords take about 5 minutes to crack using a simple dictionary approach?

SoftwareMaker
Aug 14th, 2001, 12:53 AM
It all depends how important that data is to you and how much time it is exposed before you have full control.

All encryption methods can be cracked with TIME and of course, the perpetrator must deem that data VERY IMPORTANT.

If it's not so important to you, use a method like XOR with a 50-Letter Key. It's not so complicated but it will deter weak hackers.

Remember this is a weak encryption...but it's definitely better than any dictionary approach.

Win98 screensaver uses XOR Encryption technique.
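
As an added illustration (not code from this thread or from any poster), here is the "XOR with a 50-letter key" scheme in Python together with the reason it does not protect card numbers: the same fixed key is reused for every email, so anyone who knows the plaintext of a single record (for instance the text of their own order) XORs it against the ciphertext, gets the key back, and can read every other record. The key, record layout and card numbers are all constructed for the demonstration (the card numbers are the public test numbers, not real cards).

```python
# Added example: repeating-key XOR as proposed in the thread, and why it fails.
# Every value below is constructed for the demonstration.
from itertools import cycle
from typing import Tuple

# One fixed key compiled into the server DLL and the accounts app (constructed, 50 bytes).
KEY = b"purple-elephants-never-forget-the-cola-in-the-box!"


def xor_with_key(data: bytes, key: bytes) -> bytes:
    """XOR each byte with the key, repeating the key every len(key) bytes.
    Encryption and decryption are the same operation."""
    return bytes(b ^ k for b, k in zip(data, cycle(key)))


def card_record(name: str, number: str, expiry: str) -> bytes:
    """The fixed layout the web server would email to accounts (constructed format)."""
    return f"NAME={name};CARD={number};EXP={expiry};SRC=website-order".encode()


def recover_key(ciphertext: bytes, known_plaintext: bytes, key_len: int) -> bytes:
    """Since c = p XOR k, knowing one plaintext gives k = c XOR p directly.
    One record at least key_len bytes long reveals the whole repeating key."""
    if len(known_plaintext) < key_len or len(ciphertext) < key_len:
        raise ValueError("need at least one full key period of known plaintext")
    return bytes(c ^ p for c, p in zip(ciphertext[:key_len], known_plaintext[:key_len]))


def demo() -> Tuple[bytes, bytes]:
    """Show that one known record under the shared key exposes every other record.
    Returns (recovered key, another customer's decrypted record)."""
    own = card_record("Test Tester", "4111111111111111", "01/03")       # known to the reader
    other = card_record("A. Customer", "5500000000000004", "12/04")     # someone else's order
    own_ct = xor_with_key(own, KEY)
    other_ct = xor_with_key(other, KEY)
    # Knowing one plaintext/ciphertext pair is enough to pull the whole key out...
    recovered = recover_key(own_ct, own, len(KEY))
    # ...and the recovered key decrypts every message sent under it.
    return recovered, xor_with_key(other_ct, recovered)


if __name__ == "__main__":
    key, plaintext = demo()
    print("recovered key matches:", key == KEY)
    print("other record:", plaintext.decode())
```

The scheme offers no protection beyond obscurity of the record format; the thread's later advice to buy vetted encryption software rather than write a home-grown algorithm is the right conclusion.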

jim mcnamara
Aug 14th, 2001, 07:21 AM
SoftwareMaker is right.

You can use really major encryption, but more & more algorithms are becoming subject to cracking. Define your limits to paranoia.
Just because it's possible to crack some encryption with a million hours of compute time on a Cray, does that mean you should never use it?

Look at it this way:

If you have some sinister force that wants to destroy your country and it's peeking at your network do you use Zip encryption? No. Do you use PGP? Probably not. Why - because it is at least theoretically possible to crack it. Then your whole world ends. Weirdos out to destroy the world will spend a lifetime trying to crack one message.

Sending company data is a different story. We have sent private data over the internet since 1996, using zip & encryption. Thousands of transactions. No problem. Why? Nobody cares enough to spend a day figuring out how to crack the stuff, which messages are important; because there are probably 100,000 zip attachments emailed over the net every minute. Like looking for a grain of sand on the beach. Which email out of 20 million do I mess with today?

The only time this is a problem is if you have disgruntled tech staff people. These folks fall into the weirdo class, and they will know which email to tap into. So they will spend whatever time it takes to mess things up for you.

It's a reasonableness call, not a black & white thing about whether something is ultimately crackable or not.

Zip encryption will take somebody several days to crack - we don't actually use passwords like 'beer' and 'coke' - we use things like 'beer1234coke' that are extremely time consuming for dictionary programs to crack. And easy for users. A short sentence like "Beer_is_betterthancoke" will take several weeks to crack with a dictionary attack using a PC. If you use a sentence with one nonsense component, and more than 30 letters/numbers it will take several weeks to crack.
FWIW

SoftwareMaker
Aug 14th, 2001, 07:31 PM
I agree with everything that Jim M had said except one thing...

Sex is better than Beer and Coke....:)

RichH
Aug 15th, 2001, 02:58 AM
Weeks are one thing but credit card numbers are valid for 2-3 years.

jim mcnamara
Aug 16th, 2001, 05:46 AM
Then get your manager to approve the purchase of heavy-duty encryption software. Don't try writing a home-grown encryption algorithm.