[Cryptography] "Death Note" elimination for hashes
Phillip Hallam-Baker
hallam at gmail.com
Thu Oct 24 09:39:06 EDT 2013
On Mon, Oct 21, 2013 at 9:13 PM, Pat Farrell <pfarrell at pfarrell.com> wrote:
> On 10/21/13 6:06 PM, Jerry Leichter wrote:
> > Sorry, but hardly anyone will read this; most of those that do won't
> really
> > understand what it means; and, in general, it will just piss users off.
> > You broke the Internet for them. All this verbiage doesn't make it any
> better.
> >
> > Security is important, but the fact is that if you *ask* people whether
> they would
> > choose to be locked out of their on-line banking accounts for some
> indefinite period,
> > or be able to access their account at some small risk, you'll find hardly
> > anyone who wants to be locked out.
>
> It is only important for folks on this list and a tiny percentage of the
> world's users.
> We learned this the hard way at CyberCash in the 90s. We used RSA and DES
> and serious
> protocols. Paypal was convenient. Their security was a joke. CyberCash
> folded before
> the dot.boom. Paypal made billionaires out of its founders. Which led to
> the security team
> coining a rule: Consumers want convenients, not security.
>
>
Cybercash went out of business before the rise of PayPal. PayPal did not do
a merchant gateway product that would have competed with Cybercash until
they acquired the Signio business from VeriSign which included the
Cybercash assets that VeriSign bought out of bankruptcy.
What did for Cybercash was the fact that the merchant software kept falling
over and causing double charging of accounts. That and their business model
was a fee per service rather than the flat rate fee for connection of
Signio.
--
Website: http://hallambaker.com/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20131024/ecb94e46/attachment.html>
More information about the cryptography
mailing list