[9760] in cryptography@c2.net mail archive


Re: Rubber hose attack

daemon@ATHENA.MIT.EDU (Rick Smith at Secure Computing)
Fri Nov 2 17:40:44 2001

Message-Id: <5.1.0.14.0.20011102133020.0281cff8@STPNTMX03.sctc.com>
Date: Fri, 02 Nov 2001 13:58:36 -0600
To: vertigo <vertigo@panix.com>
From: Rick Smith at Secure Computing <rick_smith@securecomputing.com>
Cc: JohnE37179@aol.com, <Jason.Gruber@btinternet.com>,
	<cryptography@wasabisystems.com>
In-Reply-To: <Pine.NEB.4.40.0111021231130.14488-100000@panix1.panix.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed

At 11:44 AM 11/2/2001, vertigo wrote:

>The point is, without this cosmic notion of trust, _I_ could walk into a bank
>in semi-rural Turkey and pull hundreds of dollars from YOUR credit card
>account.

Of course. But this hasn't prevented people from acquiring and using credit 
cards. More to the point, it hasn't prevented the merchants, banks, and 
credit card issuers from maintaining and promoting this imperfect system. 
This would suggest that the losses from fraud (which customers don't pay, 
at least not here in the US) are amply covered by the income they bring in.

This sounds to me like a system that "works" in a practical sense.

An example of an authentication regime that did *not* work would be the 
password-based mechanism Citibank used on the cash management accounts for 
their large corporate customers, until they got hacked in the early '90s.


Rick.
smith@securecomputing.com            roseville, minnesota
"Authentication" in bookstores http://www.visi.com/crypto/




---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@wasabisystems.com
