Re: More FUD from First Virtual
At 08:51 AM 12/10/95 -0500, Nathaniel Borenstein <nsb@fv.com> (Tense Hot Alien In Barn) wrote:
In any event, I could write a virus that sits in front of the e-cash program and steals your keys when next you run the e-cash program. Software's just too easy to fool. That's why I regard the risk of catastrophe as being fairly large in software-based e-cash schemes.
How is this different for an ecash program vs. a First Virtual email acknowledgement program, where either a (really hairy) virus, or, more practically, an active email interloper could fake FV acks?
While hardware may be the best encryption solution for the average user (as you say, and I think I agree with you), it needs to have some password interface such as a small keypad on the front of the smartcard, to prevent its usability after theft.
Of course, there are problems with digicash as well; my Digicash play-money account thinks it's empty (in spite of having half a dozen coin-looking files), and doesn't recognize any of the half-dozen passwords I've guessed I might have used with it, so I'm not able to use Sameer's digicash-powered remailer.
#--
# Thanks; Bill
# Bill Stewart, Freelance Information Architect, stewarts@ix.netcom.com
# Phone +1-510-247-0663 Pager/Voicemail 1-408-787-1281
Excerpts from mail.limbo: 10-Dec-95 Re: More FUD from First Vir.. Bill Stewart@ix.netcom.c (1289*)
At 08:51 AM 12/10/95 -0500, Nathaniel Borenstein <nsb@fv.com> (Tense Hot Alien In Barn) wrote:
In any event, I could write a virus that sits in front of the e-cash program and steals your keys when next you run the e-cash program. Software's just too easy to fool. That's why I regard the risk of catastrophe as being fairly large in software-based e-cash schemes.
How is this different for an ecash program vs. a First Virtual email acknowledgement program, where either a (really hairy) virus, or, more practically, an active email interloper could fake FV acks?
It's fundamentally different because FV (unlike all the other systems, to my knowledge) is a "closed loop" financial instrument. By this I mean that it doesn't depend on a one-way passage of some kind of credentials to consummate a transaction. It would be almost equally easy to write a keyboard virus that intercepted your FV-ID as it would be to write one that intercepted your e-cash keys, but then there would be a pretty significant additional layer for the seamless interception and response to the confirmation email. (Note the "seamless" here. If you do it in such a way that it interferes with the user's normal mail, it will be caught pretty quickly.) Also, the "almost equally easy" refers to the fact that FV-ID's are free-form text, a very deliberate design decision that makes them far harder to sniff, even at the keyboard level, than credit card numbers (which are self-identifying), although a good e-cash system will share this quality for its pass phrases.
While hardware may be the best encryption solution for the average user (as you say, and I think I agree with you), it needs to have some password interface such as a small keypad on the front of the smartcard, to prevent its usability after theft.
Right, absolutely. But in this case, a virus still can't fake what's on the hardware.
Of course, there are problems with digicash as well; my Digicash play-money account thinks it's empty (in spite of having half a dozen coin-looking files), and doesn't recognize any of the half-dozen passwords I've guessed I might have used with it, so I'm not able to use Sameer's digicash-powered remailer.
And you're a *sophisticated* user, right Bill? This just underscores some other comments I've made in the past about Joe Sixpack. I think there will be serious usability problems.
-- Nathaniel
--------
Nathaniel Borenstein <nsb@fv.com> | (Tense Hot Alien In Barn)
Chief Scientist, First Virtual Holdings | VIRTUAL YELLOW RIBBON:
FAQ & PGP key: nsb+faq@nsb.fv.com | http://www.netresponse.com/zldf
-----BEGIN PGP SIGNED MESSAGE-----
In article <0kn1Q6CMc50e02irtU@nsb.fv.com>, Nathaniel Borenstein <nsb@nsb.fv.com> wrote:
It's fundamentally different because FV (unlike all the other systems, to my knowledge) is a "closed loop" financial instrument. [ ... FV is inherently harder to crack than systems which actually use encryption, etc. etc., NB claims ... ]
Is it just me, or does this sound like a challenge? Personally, I'd much rather see a true e-cash system (like Digicash's) succeed than some pay-by-cleartext-email non-anonymous system. Maybe Sameer will create a Hack FV page :-) Or maybe NB will offer a $1000 bug bounty to anyone who can successfully forge a transaction in FV's system (since it's so foolproof)...
- ---
[This message has been signed by an auto-signing service. A valid signature means only that it has been received at the address corresponding to the signature and forwarded.]
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMMytkyoZzwIn1bdtAQEY+AF/bGZOi37IlT0LTWz8zhMFM4JqZ2iSchrm
Z3abBPc1MZxxDuG06NT3FCft9+eM13Fb
=yXp4
-----END PGP SIGNATURE-----
Maybe Sameer will create a Hack FV page :-)
FV isn't worth it. Actually, Hack FV seems pretty pointless. Someone hacks FV, and a chargeback is issued on the credit card. Big deal. Same old outdated credit-card based payment systems. No more secure than credit cards.
--
sameer                                     Voice:   510-601-9777
Community ConneXion                        FAX:     510-601-9734
The Internet Privacy Provider              Dialin:  510-658-6376
http://www.c2.org/ (or login as "guest")   sameer@c2.org
participants (4)
- Bill Stewart
- daw@bamako.CS.Berkeley.EDU
- Nathaniel Borenstein
- sameer