
In list.cypherpunks, nsb@nsb.fv.com writes:
> Well, the mis-conceptions are flying fast and furious.
And not just from the rest of us. Your model is a malicious program that is installed on a user's machine (through whatever method, be it viral, trojan horse, black bag job, whatever). Fine, let's explore it a bit.
> There are several schemes for Internet commerce that are unaffected:
> -- First Virtual (of course)
If all my malicious program does is sniff keystrokes, FV accounts are less vulnerable. So I'll make my malicious program not only sniff keystrokes, but I'll hook your Winsock stack and intercept the POP3 queries. That way, I can catch the FV verification messages and confirm them. You'll never see anything happen.
> -- Hardware encryption (e.g. consumer card-swipe machines)
So I'll get my malicious program to look for blocks of seemingly random data from the keyboard (where many swipe systems wedge in) or the com ports not used by mouse and modem. (On a PC platform, that's not likely since heroic measures are needed to run more than 2 com ports.) Unless seeded by the transaction, these blocks should be vulnerable to a replay attack.
> -- Smart cards
Smart cards may not be vulnerable to replay attacks, so you may be correct here.
> -- Digital cash (unless the tokens are made too easy to recognize)
Or the site initiating the transaction is recognizable, prompting the malicious program to take notice. And since I've hooked all your net services, I can steal your coins easily... the transactions you send will never reach their destination.

The "fatal flaw" here is that you haven't extended your threat model to its logical conclusion. If you assume a malicious program with access to the keyboard at the hardware level, that program could also access and manipulate the TCP/IP stack, as well as data flowing to/from networked applications of all sorts.
> We say this VERY EXPLICITLY in our web pages. We are NOT saying we have the only safe approach. We have one of four safe approaches that we know of.
I only see one approach that's safe from local eavesdropping, and FV isn't it.

--
Roy M. Silvernail [ ] roy@cybrspc.mn.org
PGP Public Key fingerprint = 31 86 EC B9 DB 76 A7 54 13 0B 6A 6B CC 09 18 B6
Key available from pubkey@cybrspc.mn.org
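
The replay point in the message above (swipe blocks that are not "seeded by the transaction"), as an added example that is not part of the original post: a verifier that accepts a fixed block next to one that issues a single-use nonce per transaction. The names (CARD_KEY, StaticVerifier, SeededVerifier, card_response) and the choice of HMAC-SHA256 are assumptions made for illustration, not a scheme named in the thread.

```python
import hashlib
import hmac
import secrets

CARD_KEY = b"constructed-demo-card-key"  # constructed secret shared by card and verifier

def card_response(key: bytes, nonce: bytes, amount_cents: int) -> bytes:
    """Card side: MAC over the verifier's nonce and the transaction amount."""
    msg = nonce + amount_cents.to_bytes(8, "big")
    return hmac.new(key, msg, hashlib.sha256).digest()

class StaticVerifier:
    """Unseeded scheme: the reader emits the same block on every swipe."""
    def __init__(self, block: bytes):
        self.block = block

    def verify(self, block: bytes) -> bool:
        return hmac.compare_digest(block, self.block)

class SeededVerifier:
    """Seeded scheme: a fresh nonce per transaction, each accepted once."""
    def __init__(self, key: bytes):
        self.key = key
        self.outstanding = set()

    def new_challenge(self) -> bytes:
        nonce = secrets.token_bytes(16)
        self.outstanding.add(nonce)
        return nonce

    def verify(self, nonce: bytes, amount_cents: int, response: bytes) -> bool:
        if nonce not in self.outstanding:
            return False  # unknown or already-used nonce
        self.outstanding.discard(nonce)  # single use, even if the MAC is wrong
        expected = card_response(self.key, nonce, amount_cents)
        return hmac.compare_digest(response, expected)

def demo() -> dict:
    static = StaticVerifier(hashlib.sha256(CARD_KEY).digest())
    recorded = static.block  # the block as recorded from the keyboard or COM port
    seeded = SeededVerifier(CARD_KEY)
    n1 = seeded.new_challenge()
    r1 = card_response(CARD_KEY, n1, 1999)
    return {
        "static_replay": static.verify(recorded),        # recorded block still accepted
        "seeded_first": seeded.verify(n1, 1999, r1),      # legitimate transaction
        "seeded_same_nonce": seeded.verify(n1, 1999, r1), # same nonce reused: rejected
        "seeded_new_nonce": seeded.verify(seeded.new_challenge(), 1999, r1),
    }
```

Seeding only defeats a block recorded earlier; it does nothing against a program that sits on the machine during a live transaction, which is the broader threat model the message argues for.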