More FUD from First Virtual

Nathaniel Borenstein nsb at nsb.fv.com
Mon Dec 11 14:48:59 PST 1995 

Excerpts from mail.limbo: 10-Dec-95 Re: More FUD from First Vir.. Bill
Stewart at ix.netcom.c (1289*)

> At 08:51 AM 12/10/95 -0500, Nathaniel Borenstein <nsb at fv.com> (Tense Hot
> Alien In Barn) wrote:

> >In any event, I could write a virus that sits in
> >front of the e-cash program and steals your keys when next you run the
> >e-cash program.  Software's just too easy to fool.  That's why I regard
> >the risk of catastrophe as being fairly large in software-based e-cash
> >schemes.

> How is this different for an ecash program vs. a First Virtual email
> acknowledgement program, where either a (really hairy) virus, or, 
> more practically, an active email interloper could fake FV acks?  

It's fundamentally different because FV (unlike all the other systems,
to my knowledge) is a "closed loop" financial instrument.  By this I
mean that it doesn't depend on a one-way passage of some kind of
credentials to consummate a transaction.  It would be almost equally
easy to write a keyboard virus that intercepted your FV-ID as it would
be to write one that intercepted your e-cash keys, but then there would
be a pretty significant additional layer for the seamless interception
and response to the confirmation email.  (Note the "seamless" here.  If
you do it in such a way that it interferes with the user's normal mail,
it will be caught pretty quickly.)  Also, the "almost equally easy"
refers to the fact that FV-ID's are free-form text, a very deliberate
design decision that makes them far harder to sniff, even at the
keyboard level,  than credit card numbers (which are self-identifying),
although a good e-cash system will share this quality for its pass
phrases.

> While hardware may be the best encryption solution for the average user
> (as you say, and I think I agree with you), it needs to have some password
> interface such as a small keypad on the front of the smartcard, to prevent
> its usability after theft.

Right, absolutely.  But in this case, a virus still can't fake what's on
the hardware.

> Of course, there are problems with digicash as well; my Digicash play-money
> account thinks it's empty (in spite of having half a dozen coin-looking files),
> and doesn't recognize any of the half-dozen passwords I've guessed I might have
> used with it, so I'm not able to use Sameer's digicash-powered remailer.

And you're a *sophisticated* user, right Bill?  This just underscores
some other comments I've made in the past about Joe Sixpack.  I think
there will be serious usability problems.  -- Nathaniel
--------
Nathaniel Borenstein <nsb at fv.com>       | (Tense Hot Alien In Barn)
Chief Scientist, First Virtual Holdings | VIRTUAL YELLOW RIBBON:
FAQ & PGP key: nsb+faq at nsb.fv.com       | http://www.netresponse.com/zldf

More information about the cypherpunks-legacy mailing list