SET

rah@shipwright.com wrote:

At Doug Tygar's talk at Harvard last week, he claimed to have found a way to crack it. I, um, forgot to press him on this. Has anyone heard about this, or what it might be?

Actually, I did not claim to break SET. What I said was: (a) because SET is such a complicated protocol, I am certain that it does have flaws; (b) SET does not have a clear design philosophy -- for example, it has modes in which a consumer's credit card number is hidden from a merchant and modes when it is given to a merchant. These ambiguous design points in the protocol make the protocol vulnerable to misuse. I have not made a serious effort to crack SET, yet. -- Doug Tygar