[13558] in cryptography@c2.net mail archive


Re: An attack on paypal

daemon@ATHENA.MIT.EDU (James A. Donald)
Tue Jun 10 15:43:36 2003

X-Original-To: cryptography@metzdowd.com
From: "James A. Donald" <jamesd@echeque.com>
To: cryptography@metzdowd.com
Date: Tue, 10 Jun 2003 12:32:55 -0700
In-reply-to: <20030608214702.81573.qmail@web41105.mail.yahoo.com>

    --
On 8 Jun 2003 at 14:47, tom st denis wrote:
> I disagree.  That attack is more akin to a "Hi, I'm calling 
> from {insert bank here} and we need your CC info to update 
> your file."
>
> That doesn't mean credit cards [nor your bank] are flawed.

Actually credit cards, and your bank, are flawed, as any porn 
site operator will tell you.

> The attack is based on you giving out the secrets, and alas, 
> no crypto can really stop that

If people routinely conduct business by sharing secrets, they 
will tend to share secrets with the wrong people.   The 
solution, envisaged a long time ago, but not implemented 
successfully, is not to use shared secrets. 

    --digsig
         James A. Donald
     6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
     z/jW5FTj5fTxewjBZmMh+hI7TPK07m0Wi/ugRB/p
     4o2DM1LcrAnzZHIYbECFoxfE1N1Ts2we2cISfJ8QL


---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com