On Thu, 7 Dec 1995, Mark Twain Ecash Support wrote:
Anyhow, the obvious solution is encryption. Our new observation is that encrypting deposits & cancellations with the mint's public key is not enough to solve the problem. [Argument in support of claim elided... I am not conviced.]
I think he means you shouldn't use a stream cipher like RC4 that XORs the plaintext with the generated keystream, since if you know part of the plaintext, you can XOR those bytes with (the id you want) XOR (the id being sent) and change the encrypted data so that the payment goes into your account and not theirs. This is a tough, but potentially feasible attack if you use that kind of encryption scheme. Is there anywhere that you could use a similar attack on SSL ? Mark