Excerpts from mail.limbo: 10-Dec-95 Re: More FUD from First Vir.. Bill Stewart@ix.netcom.c (1289*)
> At 08:51 AM 12/10/95 -0500, Nathaniel Borenstein <nsb@fv.com> (Tense Hot Alien In Barn) wrote:
> > In any event, I could write a virus that sits in front of the e-cash program and steals your keys when next you run the e-cash program. Software's just too easy to fool. That's why I regard the risk of catastrophe as being fairly large in software-based e-cash schemes.
>
> How is this different for an ecash program vs. a First Virtual email acknowledgement program, where either a (really hairy) virus, or, more practically, an active email interloper could fake FV acks?
It's fundamentally different because FV (unlike all the other systems, to my knowledge) is a "closed loop" financial instrument. By this I mean that it doesn't depend on a one-way passage of some kind of credentials to consummate a transaction. It would be almost equally easy to write a keyboard virus that intercepted your FV-ID as it would be to write one that intercepted your e-cash keys, but then there would be a pretty significant additional layer for the seamless interception and response to the confirmation email. (Note the "seamless" here. If you do it in such a way that it interferes with the user's normal mail, it will be caught pretty quickly.) Also, the "almost equally easy" refers to the fact that FV-IDs are free-form text, a very deliberate design decision that makes them far harder to sniff, even at the keyboard level, than credit card numbers (which are self-identifying), although a good e-cash system will share this quality for its pass phrases.
> While hardware may be the best encryption solution for the average user (as you say, and I think I agree with you), it needs to have some password interface such as a small keypad on the front of the smartcard, to prevent its usability after theft.
Right, absolutely. But in this case, a virus still can't fake what's on the hardware.
> Of course, there are problems with digicash as well; my Digicash play-money account thinks it's empty (in spite of having half a dozen coin-looking files), and doesn't recognize any of the half-dozen passwords I've guessed I might have used with it, so I'm not able to use Sameer's digicash-powered remailer.
And you're a *sophisticated* user, right Bill? This just underscores some other comments I've made in the past about Joe Sixpack. I think there will be serious usability problems.

--
Nathaniel
--------
Nathaniel Borenstein <nsb@fv.com>          | (Tense Hot Alien In Barn)
Chief Scientist, First Virtual Holdings    | VIRTUAL YELLOW RIBBON:
FAQ & PGP key: nsb+faq@nsb.fv.com          | http://www.netresponse.com/zldf
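As an added illustration (not code from this thread or from First Virtual), the following Python models the "closed loop" confirmation step described above and contrasts it with a credential that settles on presentation alone. It assumes a simplified flow in which a merchant presents an FV-ID and settlement waits for a "yes" from the address registered for that ID; the class names, addresses and amounts are constructed.

```python
from dataclasses import dataclass
# Constructed model of the "closed loop" described above: money moves only after
# the account holder answers a confirmation mail sent to the address registered
# for the FV-ID. Classes and flow are illustrative assumptions, not FV's real code.

@dataclass
class Account:
    fv_id: str
    email: str
    balance: int

class ClosedLoopPayments:
    def __init__(self, accounts):
        self.accounts = {a.fv_id: a for a in accounts}
        self.outbox = []    # (to_address, body) of every confirmation mail sent
        self.pending = {}   # txn id -> (fv_id, merchant, amount)
        self.next_txn = 1

    def request(self, fv_id, merchant, amount):
        """Step 1: a merchant presents an FV-ID. Nothing is settled yet."""
        acct = self.accounts[fv_id]
        txn, self.next_txn = self.next_txn, self.next_txn + 1
        self.pending[txn] = (fv_id, merchant, amount)
        self.outbox.append((acct.email, f"txn {txn}: pay {merchant} {amount}? yes/no"))
        return txn

    def confirm(self, txn, from_addr, answer):
        """Step 2: settle only a 'yes' that arrives from the registered address."""
        fv_id, merchant, amount = self.pending.pop(txn)
        acct = self.accounts[fv_id]
        if from_addr != acct.email or answer != "yes":
            return "declined"
        acct.balance -= amount
        return "settled"

def one_way_credential(acct, amount):
    """Contrast: a credential that settles on presentation alone (no second leg)."""
    acct.balance -= amount
    return "settled"

def stolen_id_outcome(attacker_reads_mailbox):
    """Someone other than Alice presents her FV-ID. Does the purchase settle?"""
    alice = Account("alice-fvid", "alice@example.net", 100)
    fv = ClosedLoopPayments([alice])
    txn = fv.request("alice-fvid", "some-store", 40)
    to, _body = fv.outbox[-1]           # mail goes to Alice's registered address
    if attacker_reads_mailbox:          # the extra layer the text describes
        return fv.confirm(txn, to, "yes"), alice.balance
    return fv.confirm(txn, to, "no"), alice.balance   # Alice declines, and notices
```

The point of the contrast is that knowing the FV-ID alone gets the confirmation mail sent to Alice, who sees a purchase she did not make; only control of the second channel completes the loop.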