Rubber hose attack
Rick Smith at Secure Computing
rick_smith at securecomputing.com
Fri Nov 2 14:58:36 EST 2001
At 11:44 AM 11/2/2001, vertigo wrote:
>The point is, without this cosmic notion of trust, _I_ could walk into a bank
>in semi-rurual Turkey and pull hundreds of dollars from YOUR credit card ac-
>count.
Of course. But this hasn't prevented people from acquiring and using credit
cards. More to the point, it hasn't prevented the merchants, banks, and
credit card issuers from maintaining and promoting this imperfect system.
This would suggest that the losses from fraud (which customers don't pay,
at least not here in the US) are amply covered by the income they bring in.
This sounds to me like a system that "works" in a practical sense.
An example of an authentication regime that did *not* work would be the
password-based mechanism Citibank used on the cash management accounts for
their large corporate customers, until they got hacked in the early '90s.
Rick.
smith at securecomputing.com roseville, minnesota
"Authentication" in bookstores http://www.visi.com/crypto/
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
More information about the cryptography
mailing list