On Thu, 30 Nov 1995 s1113645@tesla.cc.uottawa.ca wrote:

What if it's an ecash password getting stolen? Who's liable? (lemme guess, your money's gone, tough luck!)

From what I remember of the contract, that's true, the bank appear to take no liability for ecash (check the WWW page for the real details). As I'm not likely to have more than about $ 50 of ecash at any time, I'm not *that* concerned about it. Big users could transfer payments back into their dollar account ASAP to avoid most of these problems, just keeping enough in the ecash account to make any payments that may be required.

It's not really any worse than physical cash, as long as the software is reliable, which it appears to be (I've lost payments in the past, but cancelling them has always worked to get the money back).

Disclaimer: I don't have a marktwain account at the moment, so I can't say a thing about the security of the system. I wish them the absolute best of luck.

I do, and yes, from conversations with them it appears that if someone gets your secret key and password they can clear out all the money from your ecash account. This is potentially a real problem for shops, which have to have a secret key file on the machine they run from. Currently this even applies to shops that only *accept* ecash, though there may be an accept-only server out sometime, and I found a way to delete the secret key itself from the file and still have it work (I forget the exact details, you basically zero 256 bytes of the file that contain the key, which appears to be 768-bits according to the debug output, so I don't know what the extra bits are used for). Shops that pay out need to have an *unencrypted* secret key on the server, which is scary, but there's not much you can do about it if you're running on an insecure server... The only way around it that I can see would be to withdraw ecash using a secure machine and upload it to your server, so that the shop could make payments until the ecash supply was depleted and then you'd manually have to withdraw more. Then if someone broke into your account they'd get the ecash, but not the key, and you could limit your exposure to the amount you uploaded at any one time. I'll probably be doing that once the check I mailed over gets into my ecash account. This is strictly my understanding of the system based on what I've been told, so hopefully if I'm wrong then someone from DigiCash will correct me. Mark