[45951] in Cypherpunks

home help back first fref pref prev next nref lref last post

Cybercash security

daemon@ATHENA.MIT.EDU (David Klur)
Tue Dec 26 17:13:39 1995

Date: Tue, 26 Dec 95 15:28:11 CST
From: "David Klur" <dklur@dttus.com>
To: cypherpunks@toad.com, WWW-BUYINFO@ALLEGRA.ATT.COM

     
     What are the major security risks of the Cybercash system?  
     I can't really find any, other than someone cracking the consumer's 
     Cybercash client s/w password and using the victim's account to order 
     something, or someone cracking RSA!.  The following features seem to 
     mitigate other risks...
     
     
     - The merchant never sees the credit card number
     
     - The Cybercash server does not store any credit card numbers (only 
     temporarily while it is waiting for an authorizatino for a specific 
     card purchase)
     
     - The consumer's credit card number is stored on his hard disk 
     encrypted w/DES
     
     - The consumer sends his credit card number across the Internet 
     encrypted w/DES and signed w/ 768-bit RSA
     


home help back first fref pref prev next nref lref last post