I have a requirement to store credit card details (not storing is NOT an option).
Using mcrypt with mcrypt_dev_random to generate init_vector takes varying ages to encrypt/decrypt but seems is the most 'secure' option. mcrypt_dev_urandom MUCH quicker but not suitable for long term storage - as I have read.
Looking at GnuPG as a possible alternative and would like some opinions/heads up on these if possible.
If you really want to store credit card information securely, there's a standard for it: Payment Card Industry Data Security Standard. And it's a lot more involved than using one specific encryption algorithm. It requires you to store parts of the card details on two physically separate machines, among many other things. And even if you follow the PCI standard to the letter, experts argue you're still not entirely secured. Anything less than that is pretty much not worth discussing in detail, since the overall level of security is so low that it hardly makes a difference.