[45951] in Cypherpunks
Cybercash security
daemon@ATHENA.MIT.EDU (David Klur)
Tue Dec 26 17:13:39 1995
Date: Tue, 26 Dec 95 15:28:11 CST
From: "David Klur" <dklur@dttus.com>
To: cypherpunks@toad.com, WWW-BUYINFO@ALLEGRA.ATT.COM
What are the major security risks of the Cybercash system?
I can't really find any, other than someone cracking the consumer's
Cybercash client s/w password and using the victim's account to order
something, or someone cracking RSA!. The following features seem to
mitigate other risks...
- The merchant never sees the credit card number
- The Cybercash server does not store any credit card numbers (only
temporarily while it is waiting for an authorizatino for a specific
card purchase)
- The consumer's credit card number is stored on his hard disk
encrypted w/DES
- The consumer sends his credit card number across the Internet
encrypted w/DES and signed w/ 768-bit RSA