I hate to complain. Magic Money is something that people have been asking for for a long time, and it's a very nice implementation. A lot of aspects have been really well thought out, particularly the money aging and replace- ment. But I've been playing with it off and on lately and there are some improvements needed IMO. I'll just assume interested readers know how the program works and jump right into it. - The program handles encryption of messages to and from the bank auto- matically, but makes the user have to handle encryption of messages to other people. I can see some justification for this - maybe the message (that is, a coins.dat file) will be sent via secure means like a direct or IR connection, so encryption is not needed. But most of the time it is needed, in which case the user has to use PGP or something as a sep- arate step. - The program distinguishes between bank messages, which are signed blinded coins, and user messages, which are raw coins, by whether they are in ASCII text or not. This is not the significant distinction between these two kinds of messages. - Bank messages look just like other PGP messages. But the user has to know not to try to run them through PGP and instead give them directly to the MM program un-decrypted. The only way he can tell is to notice that the sender address is the bank. If the bank ever sends him a real coin file (which it may to prime the pump) then the user just has to know to treat these messages differently. - There is no way to know which bank an incoming coin file is for. I think this is one of the biggest weaknesses of the system. If more than one bank is competing I have to know which bank a given coin file is associated with and go to that directory to process that coin file. - There is no way to put coin files directly into your allcoins.dat file. There are a couple of cases in which you might want to do this. First, you might pay out some coins and then change your mind before sending them, and want to put them back. Or second, you might receive some coins from a trustworthy person (your mum, say) and just want to add them without going through the bank. - More generally, it is difficult to use the program in a safe way which deals robustly with errors of various types. When I was first building the program I had some bugs which caused coins to appear to be double- spent, to not signature-check properly, to not be found in the proto file, etc. The program did not appear to handle all of these errors safely, sometimes aborting in the middle of a file. In addition, the program always calls its output files coins.dat and output.asc. If you run it twice without renaming these files you can lose data and lose money. Then, when you send the files, you need to manually keep backups in case the email fails. Again, otherwise you will lose money. - The money data structures do not allow for expansion. I'd like to see a way of adding new fields in the future which will be ignored by older versions of the program. For example, in regard to the above, I'd like to see a "bank email address" and possibly a bank key added to the coins.dat file. Then you could mail the coins to someone without including a lot of out-of-band data about the bank they were for. It would be nice if this could be done without totally breaking the current program. At a minimum a version number could be stuck at the front so that old programs would recommend that users upgrade. - The program uses PGP algorithms and data structures, but not its files. The bank's key and user's keys are kept in separate files. There might be advantages in putting these keys into PGP's regular files. Also, the random number generation in PGP looks stronger than MM, since it keeps much more state from run to run. MM seeds based on a very, very elementary hash on a file called rand.dat, which will tend to be fixed, and the time of day. - None of the MM files are encrypted on the disk. The money files could be stolen by someone with access to your computer, and your secret key used for communications with the bank could be stolen as well. This would be a major security flaw in some situations. Having made these complaints, let me reiterate that I am very pleased with this program overall. I also appreciate mpd@netcom.com's efforts in running a server. I have built a Mac client for MM which is not too mac-like but lets you drag-n-drop incoming files onto the MM icon and it handles them right. I'll tweak that a little more then upload it with the other clients. Hal