DigiCash Ecash - 2 security topics
Lucky Green
shamrock at netcom.com
Mon Jan 22 13:18:39 PST 1996
At 11:26 1/22/96, Bryce wrote:
>What kind of performance hit does this new encryption entail?
>(No additional performance hit if SSL does it, I know.)
Very little.
>Are you considering having different protocols for SSL-protected
>transactions versus unprotected ones?
It isn't just an issue of SSL vs. unprotected. The new Ecash API that
DigiCash is jointly designing with developers, will support two basic
levels of operation. The first is similar to today's Ecash software. The
client handles the transport. The second just generates the messages. Your
application is responsible for getting them to where they should go.
Presumably securely.
>Let me repeat something I said a couple of weeks ago: I suspect
>that the weakest point in DigiCash security is on the end-user's
>own harddrive. A malicious cracker could write a Trojan horse
>or even a virus which would steal the user's coins and send them
>to himself.
Given the amounts likely to be found on a drive, I doubt it would be worth
the effort.
-- Lucky Green <mailto:shamrock at netcom.com>
PGP encrypted mail preferred.
More information about the cypherpunks-legacy
mailing list